A security researcher found Microsoft Edge loads every saved password into system memory after a single verification and leaves them there in plaintext, making them recoverable via a RAM dump; Edge's behavior contrasts with Chrome, which loads site passwords on demand and clears them after use. Microsoft says the threat requires a compromised device or administrative access, but the finding shows design choices materially expand what an attacker or admin can extract.
— Browsers’ memory‑handling of password vaults is a consequential design choice that shifts responsibility between platform vendors, OS privilege models, and enterprise security controls.
BeauHD
2026.05.06
100% relevant
Tom Joran Sonstebyseter Ronning's RAM dump of Edge passwords and Microsoft's statement about device compromise and design tradeoffs.
← Back to All Ideas