WebView2 failing after recent Windows update due to running with process Integrity: Low

[ehardebeck]

What happened?

After a recent Windows Update, believed to be KB5044273 our application using WebView2 began failing for non-Administrator users. Details below.

The application is a WPF application with uiAccess=true in the manifest, installed in Program Files.

• Running as an Administrator user works
• Copying the application to Documents (or some other folder belonging to the non-Administrator user) works
• We rebuilt the application with uiAccess=false and that also works.

In the failing case ProcMon shows our application runs with process Integrity: Medium, msedgeview2.exe runs with Integrity: Low. In all the success cases above msedgeview2.exe is running with process Integrity: Medium.

Initially it failed with “The Requested Resource is in Use” 0x800700AA attempting to create the User Data directory in AppData\Local. We changed that to use AppData\LocalLow and the User Data directory is created.

But then there is another failure CO_E_SERVER_EXEC_FAILURE (0x80080005). This appears to be because msedgeview2 does not have access to create certain ClientState or ClientStateMedium Registry keys.

The error from webview2 logging is like: 24412: 28192: 1023/165626. 622: ERROR: google_update_settings.cc(496) Failed opening key Software\Microsoft\EdgeUpdate\ClientStateMedium\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5} to set urlstats; result: 5 also usagestats at line 463.

This error can be seen in the Chromium source code in google_update_settings.cc

ProcMon shows an ACCESS DENIED result for four RegCreateKey operations on: HKU\S-1-5-21-2865326211-172154222-2923344072-1008\Software\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5} or HKU\S-1-5-21-2865326211-172154222-2923344072-1008\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}

The child process running with Integrity: Low seems to be the change, but this is not specific to WebView2. We have an older version of the app that uses CEF/CefSharp where the browser subprocess also runs Low and fails with this update because it is unable to create its GPUCache folder any more.

However the issue with WebView2 seems to be that it cannot run correctly at Integrity: Low

Importance

Blocking. My app's basic functions are not working due to this issue.

Runtime Channel

Stable release (WebView2 Runtime)

Runtime Version

129.0.2792.89

SDK Version

1.0.2849.39

Framework

WPF

Operating System

Windows 10

OS Version

10.0.19045 also Win 11 22H2

Repro steps

• Install KB5044273
• Run an application with uiAccess=true in Program Files
• msedgeview2 fails to initialize browser

Repros in Edge Browser

No, issue does not reproduce in the corresponding Edge version

Regression

Don't know

Last working version (if regression)

n/a not a regression in webview2

[ehardebeck]

This could be related https://www.reddit.com/r/Windows10TechSupport/comments/1g5xg5p/kb5044273_and_permissions_issues/

[ehardebeck]

After uninstalling KB5044273 the msedgeview2.exe child process is running at Integrity Medium and the application works.

[ehardebeck]

Looks like a duplicate of https://github.com/MicrosoftEdge/WebView2Feedback/issues/4880

[LiangTheDev]

It should be a duplicate of #4880. When the app runs at medium IL, msedgewebview2.exe process created by it should also run with medium IL. Will report this to Windows team.

[aluhrs13]

Closing as dupe, see #4880

[ehardebeck]

Fixed by Microsoft https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#october-2024