Google Chrome即将变得更安全

此举旨在通过浏览器停止高调攻击，并在所有平台上加强用户安全。

Google Chrome is set to get a little safer, especially on Windows, as it is adding a new security feature to Chrome that will automatically de-elevate the browser when it is launched with administrator privileges.

Google Chrome设置要变得更安全，尤其是在Windows上，因为它正在向Chrome添加一个新的安全功能，该功能将在浏览器启动时自动将其删除。

This move is aimed at stopping high-privilege attacks through the browser and strengthening user security across all platforms.

此举旨在通过浏览器停止高调攻击，并在所有平台上加强用户安全。

The change, recently submitted via a Chromium code commit, builds on a similar mechanism introduced in Microsoft Edge back in 2019.

最近通过Chromium Code提交提交的更改基于2019年Microsoft Edge引入的类似机制。

Spotted in the wild on Social Media

在社交媒体上发现了野外

As spotted by Leo (@peva64) on X, the update is designed to improve system security by preventing Chrome from running in elevated mode unnecessarily. In other words, you will no longer be able to run Chrome as an “admin” user on Windows machines, unless absolutely necessary.

正如Leo（@peva64）在X上发现的那样，该更新旨在通过防止Chrome不必要地以高架模式运行来提高系统安全性。换句话说，除非绝对必要，否则您将不再能够在Windows计算机上作为“管理员”用户运行Chrome。

Further, Chrome will now attempt to relaunch itself with standard user permissions when started with admin rights. If the first relaunch attempt fails, Chrome will fall back to the current behavior —running with elevated privileges — but only after ensuring it doesn’t get stuck in a relaunch loop.

此外，Chrome现在将尝试在管理权权利时尝试重新启动标准用户权限。如果第一次重新启动的尝试失败，Chrome将恢复到当前的行为（具有升高的特权），但只有在确保它不会陷入重新启动循环之后。

“Automatically de-elevate users launching chrome elevated. This CL is based on changes we’ve had in Edge, circa 2019, which attempts to automatically de-elevate the browser when it’s run with the elevated part of a split / linked token,” Stefan Smolen working with the Microsoft Edge team and one of the key contributors to this update, wrote in a Chromium commit.

启动Chrome的用户会自动消除升高的用户。此CL基于我们在Edge中发生的变化，大约在2019年，它试图在浏览器中自动脱离浏览器，并以拆分 /链接的Token的高架部分运行，Stefan Smolen与Microsoft Edge Team一起工作的Stefan Smolen与此更新的Chrom合作，并与Microsoft Edge Team合作，并撰写了Chrom的贡献。

“This automatically attempts a relaunch once, and then if it still fails it falls back to the current behaviour (which tries to launch admin).”

“这会自动尝试一次重新启动，然后如果仍然失败，它将落后于当前行为（试图启动管理员）。”

Microsoft has also introduced a command-line switch, “-do-not-de-elevate,” to stop Chrome from de-elevating after an automatic relaunch. This helps prevent potential infinite relaunch loops when the browser fails to start with standard privileges.

微软还引入了一个命令行开关“ -do-not-de-ewervate”，以阻止Chrome自动重新启动后去升值。当浏览器无法从标准特权开始时，这有助于防止潜在的无限重新启动循环。

“Do not de-elevate the browser on launch. Used after de-elevating to prevent infinite loops,” reads a comment in the source code.

源代码中的评论中写道：“不要在启动时解开浏览器。在除外以防止无限循环。”

However, this de-elevation won’t apply to Chrome processes launched with elevated rights in automation scenarios, ensuring compatibility with testing tools and scripts.

但是，这种脱离不适用于在自动化方案中启动的镀铬流程，从而确保与测试工具和脚本的兼容性。

New Check Added

添加了新的检查

To detect when elevated privileges aren’t needed, Chrome now uses a new check called (UserAccountIsUnnecessarilyElevated) that identifies situations where User Account Control (UAC) is enabled, yet the browser is still running with an elevated, linked token — prompting Chrome to relaunch with standard permissions.

为了检测何时不需要提高特权，Chrome现在使用了一个新的检查（用户Accountisunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnne decelede而言），该检查可以识别启用用户帐户控制（UAC）的情况，但是浏览器仍在使用高架的，链接的图表运行，促使Chrome与标准允许相关。

Additionally, the RunDeElevatedNoWait function has been modified to accept the current working directory, which addresses issues where the default directory (typically system32), which previously led to unexpected or buggy behaviour in some scenarios.

此外，已修改了rundeelevednowait函数以接受当前的工作目录，该目录解决了默认目录（通常是System32）的问题，该问题先前导致某些情况下导致意外或错误的行为。

With this initiative, the Chromium team warns about the security risks and compatibility issues that could arise from running with administrative rights. By defaulting to standard privileges, Chrome is looking to follow a safer, more user-friendly model, making the browser more robust in today’s increasingly complex digital landscape.

通过这项倡议，Chromium团队警告说，凭借行政权利运行可能引起的安全风险和兼容性问题。默认情况下，Chrome希望遵循一个更安全，更具用户友好的模型，从而使浏览器在当今日益复杂的数字景观中更加健壮。