Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Microsoft Says Edge Password Security Vulnerability Is ‘By Design’—Is It Time To Switch To Chrome?

The researcher said Edge decrypts saved credentials at startup, while Chrome does not show the same memory exposure.

  • Cybersecurity researcher Tom discovered that Microsoft Edge loads every saved password into memory at startup in plaintext, decrypting credentials even when the password manager is not actively in use.
  • Unlike Google Chrome, which uses a secure design, Edge is the only Chromium-based browser Tom tested that exhibits this behavior; The German tech website Heise Online replicated the issue.
  • Tom writes that if an attacker gains administrative access on a terminal server, they can access the memory of all logged-on user processes, violating established cybersecurity best practices.
  • After Tom disclosed the findings to Microsoft, the company responded by stating the password behavior in Edge was "by design," though Mashable has requested further information.
  • Concerned users should consider alternative password managers to protect sensitive credentials, given Microsoft's alleged response to Tom regarding the security issue.
Insights by Ground AI
Podcasts & Opinions

19 Articles

Tom's GuideTom's Guide
Center

Microsoft Edge has a huge password vulnerability claims researcher

Microsoft's Chromium-based Edge browser reportedly stores saved passwords in cleartext by design.

Read Full Article
MashableMashable
Left

Microsoft Edge storing passwords as plain text? Microsoft responds.

A cybersecurity researcher claims that Microsoft Edge's password manager is storing users' login credentials in plain text.

·United States
Read Full Article
ForbesForbes
Center

Microsoft Says Edge Password Security Vulnerability Is ‘By Design’—Is It Time To Switch To Chrome?

Microsoft Edge loads all your saved passwords, decrypted and in plaintext, into memory at startup. Google Chrome doesn’t—is it time to switch browser?

·United States
Read Full Article
Clubic.comClubic.com

Be Careful, Microsoft Edge Stores Your passwords... in Plain Language! And It's Not a Bug

A Norwegian security researcher has discovered that the Microsoft Edge password manager keeps all the logged identifiers in live memory from the start of the browser, including for sites you do not visit. Microsoft has confirmed that this is a deliberate choice.

Read Full Article
diarioestrategia.cldiarioestrategia.cl

A Researcher Warns that Microsoft Edge Stores Passwords in Plain Text in Memory

A cybersecurity researcher has warned that Microsoft Edge stores passwords in memory in plain text, posing a risk especially in shared environments. ...

Read Full Article
Developpez.comDeveloppez.com

Microsoft Edge: Passwords Are Stored in Plain Space in Memory~? While Edge's Password Manager Seems Secure~? with Encrypted and Protected Storage

Password managers are supposed to help store login identifiers safely, avoiding users from having to memorize them. In general, they are stored in the cloud with end-to-end encryption. Passwords should also be decrypted in memory only for a short period of time. However, Microsoft's password manager in the Edge browser fails on this point. According to one report, passwords are stored in memory.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

itavisen.no broke the news on Monday, May 4, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cyberattacks icon

Cyberattacks

Startups icon

Startups

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal