Microsoft Edge will load all your passwords into memory in plaintext, but Microsoft says it's not a security concern

Microsoft Edge holds all saved user passwords in plaintext in system memory from startup, a potential security vulnerability that sets it apart from other Chromium-based web browsers.

Key Points

  • Security researcher @L1v1ng0ffTh3L4N discovered that Edge decrypts and loads all stored credentials into process memory immediately after the browser launches.
  • Unlike Chrome, which only decrypts passwords when specifically requested for autofill or management, Edge maintains these credentials in plaintext regardless of active site usage.
  • Attackers with administrative access to a terminal server can potentially scrape these plaintext passwords directly from the memory of logged-on user processes.
  • Microsoft confirmed the behavior is an intentional design choice intended to improve browser performance and user authentication speed.
  • The company advises users to maintain updated security software and operating system patches to mitigate the risk of malware exploiting this memory-based design.

Why it Matters

This design choice creates a significant security risk for users on shared or compromised systems where malware could harvest credentials from memory. While Microsoft maintains that this approach balances performance with usability, it highlights a divergence in security standards between Edge and other Chromium-based browsers.
Windows Central. Published by Zac Bowden (zac.bowden@futurenet.com)