Microsoft just broke the best way to make Chrome your default browser

If you’ve taken advantage of Google Chrome’s nifty tool that makes it the default browser for Windows — without even needing to open your PCs app settings! — we regret to inform you that Microsoft’s most recent update introduces an annoying bug that seems to only go away if you switch your default back to Microsoft Edge. 

Weird, huh?

The April Windows update in question, KB5025221 (opens in new tab), has been causing no small amount of trouble for enterprise users, according to Gizmodo (opens in new tab)

Since July 2022, Google Chrome came with a function that would let you change your default browser with the click of a button, typically along the top end of the window, but also in the browser’s settings menu as well. 

Since the April 2023 Windows update however, Windows enterprise customers have been having an especially tough time of things as the Windows Default App settings page reportedly opens up every time Chrome is opened, forcing the user to close the settings page.

“After today’s cumulative update for Windows 10 and 11, 2023-04, every time I open Chrome the default app settings of windows will open,” one frustrated user on the Microsoft support forums wrote (opens in new tab). “I’ve tried many ways to resolve this without luck. This is happening to all 600 systems with the update.”

Another user of the r/sysadmin subreddit found that just clicking on a link shortcut was enough to trigger the issue.

“If Chrome is set as the default browser clicking on the link shortcut wil[l] open the link in chrome, but also open the windows settings on the default apps,” the user, azaaza0909, writes (opens in new tab). Tellingly, they also note: “It doesn’t happen if we change the default browser to edge.”

The Windows update doesn’t give much in the way of concrete details as to what it is fixing beyond saying up top that “This update addresses security issues for your Windows operating system.”

It’s not just enterprise users

(Image credit: Microsoft)

While enterprise users seem to be the most severely impacted by this bug, they aren’t the only ones. Consumer versions of Windows 10 and Windows 11 also seem to have been impacted by the April update, though its impact is more annoying than actively frustrating.

For regular customers, the update seems to have disabled Google Chrome’s ability to set the default browser through the browser itself. I can confirm that going into Chrome’s settings and trying to set the default browser will force the Default App settings to open, but not actually change anything. You’d have to navigate down the app list, select Chrome, and at the top click the button that says Set Default.

After setting Google Chrome as the default browser, I tried to do the same thing through the Settings menu on Microsoft Edge. With Microsoft Edge though, clicking the Set Default button in the Default Browser menu did in fact reset the default browser to Edge.

So, is this a matter of Microsoft dinging its web browser rival? There’s no way to assign that kind of motivation to a company of many thousands of people, but I’m inclined to believe that the issue with Default Browser-Gate isn’t purely malice on Microsoft’s part.

What’s behind the bug?

In order to set the default app on Windows the user just toggles a couple of switches and goes about their browsing journey, but behind the scenes, the record of which app is the default app (opens in new tab) for opening files with specific extensions (like .html) is recorded in the OS’s registry file system. 

This is not the kind of thing you mess around with willy-nilly, since screwing up your registry settings can cause all kinds of havoc and even brick your Windows install. Google, meanwhile, would have to make edits to your OS registry files in order to set Chrome as the default web browsing app, and even though programs do this all the time when installing or uninstalling components, it’s usually not as easy as a single button click outside of a Windows settings menu.

And while Google might have gotten away with its tool for several months, this is the kind of vector for security threats that will catch the attention of software security pros. 

Changing your default web browser from inside the browser itself isn’t likely to pose any kind of threat, but good information and software security is preventative rather than reactive. So, Microsoft likely just determined that it needed to keep these kinds of registry changeable actions contained within Microsoft’s own settings system, which is far more likely to be secure than some future version of Google Chrome.

This is probably what Microsoft is referring to when it writes in one of the few notes on the update that “This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.”

As for why Edge can make the registry changes denied to Google? Well, Edge is Microsoft’s product, so it is obviously going to be far more compatible and understood by the Windows OS developers themselves who can work together internally to create a safe way for its browser to do things normally requiring higher level privileges when attempted by a third-party app. This absolutely makes it easier to ensure security is being maintained since Microsoft is in control of both of the actors in the exchange.

Could Microsoft also be acting petty and making it just a teensy bit harder to use its competitor’s product while making its own much easier as an alternative? Who’s to say; it’s not like Microsoft got into a very famous anti-trust battle with the US government (and lost!) over this exact issue of the company giving system-level preference to its own web browser over a competitor’s, right? 

Given the increasing intensity of Microsoft’s push to increase Edge adoption (including its increasingly grating attempts to get you to switch to its browser (opens in new tab)), at a minimum, the best you can say is that Microsoft wouldn’t go out of its way to necessarily make it easier for Google to win the latest browser war. In the end, it’s likely a little of column A, a little of column B, but this one is at least more defensible from a security perspective.

Related Post