
Microsoft Edge has come under fire after a security researcher revealed that the browser loads all saved passwords into memory in cleartext as soon as it starts up. This means that even if you never visit a website linked to those credentials, the passwords remain stored in memory for the entire browsing session.
Security researcher Tom Jøran Sønstebyseter Rønning discovered that Edge behaves differently from other Chromium-based browsers. According to his findings, Microsoft Edge decrypts and stores all saved passwords in memory on startup, making it potentially easier for attackers to harvest credentials through memory access attacks.
The researcher explained that Edge was the only Chromium browser he tested that worked this way. In comparison, Google Chrome only decrypts passwords when needed and uses Application-Bound Encryption as an additional security layer. This means passwords only briefly appear in plain text during autofill or when users manually view them.
This approach significantly reduces the exposure window for saved credentials. Edge, however, keeps passwords available in memory throughout the entire session, which could make extraction easier if a system is already compromised.
The main concern is that if an attacker gains access to system memory, they could potentially extract saved passwords from Edge much more easily. The researcher’s proof-of-concept demonstrated how an attacker with administrative access on a terminal server could access passwords belonging to other logged-in users while Edge was running.
The researcher says that after he reported the issue to Microsoft Edge, Microsoft responded that the behaviour is “by design.” Microsoft acknowledged the findings and explained that browser data being accessible in memory is part of how browsers help users sign in quickly and securely.
To be fair, many cybersecurity experts agree that once an attacker already has administrator-level access to your system, the machine is effectively compromised anyway. At that point, browser passwords are just one of many things attackers can potentially access.
This is the ultimate question, and it highlights an ongoing issue with browser-based password storage. Infostealer malware continues to target saved credentials, session tokens, and authentication data because browsers remain a common weak point for users and businesses alike.
Security experts generally recommend using dedicated password managers instead of relying solely on browser storage. Enabling multi-factor authentication and moving towards passkeys can also significantly improve account security.
Convenience will always compete with security. Browsers want everything to feel seamless, while attackers only need one opportunity to exploit weak protection. Humans continue choosing the easiest option available, which explains at least half of modern cybersecurity problems.

