Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Microsoft Says Edge Password Security Vulnerability Is ‘By Design’—Is It Time To Switch To Chrome?

Microsoft says the design speeds sign-ins, but researchers warn it leaves saved credentials exposed in memory to anyone with admin access.

  • Security researcher Tom Jøran Sønstebyseter Rønning discovered on Monday that Microsoft Edge loads all saved passwords into RAM in cleartext at startup, creating a potential security vulnerability.
  • Unlike Google Chrome, which decrypts credentials only when needed, Edge keeps all passwords resident in process memory throughout the session. Rønning warned that Edge is the only Chromium-based browser he tested exhibiting this behavior.
  • Security researcher Rob VandenBrink replicated the findings using "Create Memory Dump," while Morey Haber, chief security advisor at BeyondTrust, stated the practice "violates the principles of least privilege, zero trust, and secure application design."
  • Microsoft acknowledged the behavior, asserting it improves performance and is an "expected feature." A spokesperson stated, "Access to browser data as described in the reported scenario would require the device to already be compromised."
  • Experts broadly agree that administrative access equals full system compromise, sparking debate over whether the risk is overblown. Security professionals recommend using dedicated password managers rather than relying on browser-based storage.
Insights by Ground AI

15 Articles

ZDNetZDNet
Center

Why Edge stores your passwords in plaintext, according to Microsoft

The behavior is by design, says Microsoft. But is this still a security risk?

·United States
Read Full Article
PC MagPC Mag
Lean Left

Researcher Finds Microsoft Edge Stored Passwords Load in Plaintext

Microsoft defends it as a 'design choice,' saying the threat requires the PC to be compromised. But the researcher who flagged the issue says other Chromium-based browsers sidestep the problem.

·United States
Read Full Article
Tech SpotTech Spot
Center

Microsoft Edge stores all your saved passwords unencrypted in memory

Security researcher Tom Jøran Sønstebyseter Rønning recently shared evidence that Microsoft's web browser-based password manager stores all of its saved passwords in memory without encryption while running. He released and demonstrated a simple proof of concept that displays the passwords and their associated accounts.Read Entire Article

Read Full Article
ForbesForbes
Center

Microsoft Says Edge Password Security Vulnerability Is ‘By Design’—Is It Time To Switch To Chrome?

·United States
Read Full Article
Digital TrendsDigital Trends
Center

Edge browser has a serious password safety problem, but Microsoft says it’s by design

A security researcher found that Microsoft Edge loads all saved passwords into unencrypted memory at startup, keeping them exposed for the entire session even when they are not in use.

·United States
Read Full Article
HackReadHackRead
Reposted by
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

Researcher Shows Edge Browser Stores Saved Passwords in Plaintext

Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 80% of the sources are Center
80% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

itavisen.no broke the news on Tuesday, May 5, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Windows icon

Windows

Technology icon

Technology

Startups icon

Startups

Big Tech and Platforms icon

Big Tech and Platforms

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal