Microsoft backtracks on Edge storing your passwords in plaintext RAM

Microsoft has released a security update for the Edge browser to address a critical vulnerability in which the browser kept saved user passwords as plaintext in computer memory.

Key Points

  • Security researcher Tom Jøran Sønstebyseter Rønning discovered that Microsoft Edge kept saved credentials in plaintext, allowing local attackers to easily extract them from RAM.
  • Microsoft initially defended the practice as a deliberate design decision before reversing its position following public scrutiny.
  • The vulnerability has been resolved in Edge version 148, which prevents passwords from remaining loaded in an unencrypted state.
  • Experts recommend that users migrate sensitive credentials to dedicated, third-party password managers for enhanced security and encryption.

Why it Matters

This vulnerability highlights the significant risks associated with relying on browser-based credential storage, which may lack the robust security protocols found in dedicated password management software. Users should update their software immediately and consider migrating to specialized tools to ensure their sensitive data remains protected against unauthorized local access.

Source: PCWorld. Published by Laura Pippig.