Edge Starts Up With All Passwords Exposed in RAM, Security Researchers Warn

May 5, 2026 at 12:45 PM

•

1 min read

Edge Starts Up With All Passwords Exposed in RAM, Security Researchers Warn — Photo: CyberSecurityNews

TL;DR Summary

A security researcher disclosed that Microsoft Edge decrypts and loads every saved password into plaintext within the browser’s process memory at startup, unlike Chrome which decrypts on demand and uses App-Bound Encryption. This creates a wide attack surface in shared or multi-user environments since credentials are present in memory for the entire session, even though Edge still prompts for re-authentication to view passwords. Microsoft says the behavior is by design, leaving security teams to consider disabling or mitigating this risk until Edge adopts on-demand decryption and stronger protections.

Topics:technology #cyber-security #cybersecurity #edge #memory #mitre-attack #passwords

Share this article

Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch CyberSecurityNews
Microsoft Says Edge Password Security Vulnerability Is ‘By Design’—Is It Time To Switch To Chrome? Forbes
Microsoft Edge keeps cleartext passwords in RAM, security researcher warns Cybernews
Microsoft Edge Exposes Saved Passwords In Memory Dataconomy
PoC tool extracts cleartext passwords from Microsoft Edge memory CyberInsider

Reading Insights

Total Reads

Unique Readers

Time Saved

58 min

vs 59 min read

Condensed

99%

11,675 → 88 words

Want the full story? Read the original article

Read on CyberSecurityNews

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights