Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Microsoft Edge exposes saved passwords in memory

A researcher says Edge decrypts all stored credentials at launch and keeps them in cleartext during sessions, raising security concerns for enterprise and shared-device environments.

byKerem Gülen
May 5, 2026
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A security researcher disclosed that Microsoft Edge decrypts every stored password into process memory upon browser launch, retaining them in cleartext for the entire session, irrespective of whether users visit the associated sites. The researcher, known as @L1v1ng0ffTh3L4N, presented the finding at BigBiteOfTech and confirmed through testing that Edge is unique among major Chromium-based browsers for this behavior.

Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them. pic.twitter.com/ci0ZLEYFLB

— Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) May 4, 2026

At the event, presented by PaloAltoNtwks Norway, the researcher also showcased a public verification tool allowing users to check for cleartext credentials in Edge’s process memory. Following this, a video demonstration aired on May 4, 2026, accumulating nearly 6,000 replies across social media platforms.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Microsoft’s response indicated the handling behavior is “by design.” The contrast with Google Chrome is stark; Chrome decrypts credentials only when needed using on-demand decryption and App-Bound Encryption, which ties decryption keys to an authenticated browser process to prevent unauthorized access.

Edge lacks these protections, which means that every saved credential becomes vulnerable as it remains exposed in plaintext from launch. Notably, the browser prompts users for re-authentication before revealing passwords, yet all credentials are still visible in memory, undermining the effectiveness of this security measure.

Angus Holliday, a Senior Security Operations Specialist, pointed out that the App-Bound Encryption policy does not secure data in memory, only the encryption keys for data stored locally. Microsoft’s documentation acknowledges that local attacks and malware vulnerabilities fall outside the browser’s threat model.

Shared or multi-user environments are particularly at risk, where administrative privileges enable an attacker to access the memory of all logged-in users. A proof-of-concept demonstrated how an admin account could extract stored credentials from other users’ Edge process memory, raising significant organizational security concerns.

Many industry professionals criticized Microsoft’s approach on platforms like LinkedIn, arguing for stronger protective measures against local attacks. Existing documentation indicates that Microsoft Edge cannot safeguard against threats compromising the entire device.

Organizations that exclusively use Edge face heightened configuration risks due to this intentional design choice rather than a fixable flaw. These concerns are amplified for enterprises involved with terminal server deployments, VDI, and shared-access systems.


Featured image credit

Tags: Featuredmicrosoft edge

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

MonAI

AIEngine Plugin

Neuraspace

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.