Edge Starts Up With All Passwords Exposed in RAM, Security Researchers Warn
A security researcher disclosed that Microsoft Edge decrypts and loads every saved password into plaintext within the browser’s process memory at startup, unlike Chrome which decrypts on demand and uses App-Bound Encryption. This creates a wide attack surface in shared or multi-user environments since credentials are present in memory for the entire session, even though Edge still prompts for re-authentication to view passwords. Microsoft says the behavior is by design, leaving security teams to consider disabling or mitigating this risk until Edge adopts on-demand decryption and stronger protections.