Microsoft Reverses Edge Password Loading in RAM, Plans Fix in Next Update

5 articles · Updated · PCMag AU · May 15

Microsoft said Edge no longer loads saved passwords into memory at startup, reversing the behavior after a security backlash; the fix is already in Canary and is slated for the next stable update.
A researcher last week showed a simple command-line tool could extract all saved Edge passwords from RAM with administrator privileges, and said Edge was the only Chromium-based browser he tested that handled credentials this way.
Microsoft had argued the scenario required a device already compromised by malware or elevated local access, but that defense drew criticism over whether the browser was doing enough to protect users.
The company has not detailed its new storage and decryption method, and said it is also reviewing how it handles researcher reports after initially dismissing the finding.

With Edge storing passwords in plain text, how can you know if your data was stolen before Microsoft's security fix?

Microsoft called a major password flaw 'by design.' What other security risks are being ignored in the software you use daily?

Was Microsoft's dismissed vulnerability an open invitation for the rapidly growing infostealer malware economy?