Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch

CyberSecurityNews technology

Key Points:

  • A security researcher discovered that Microsoft Edge decrypts and loads all stored passwords into process memory as cleartext immediately upon browser launch, regardless of site visits, posing a significant security risk.
  • Unlike Edge, Google Chrome decrypts passwords on-demand and uses App-Bound Encryption to protect credentials, preventing unauthorized access from other processes.
  • Edge’s re-authentication prompt for viewing passwords is ineffective because the credentials remain accessible in process memory, leaving Edge vulnerable to memory-based credential extraction, especially in shared or multi-user environments.
  • In multi-user systems like Remote Desktop Services, an attacker with admin privileges can extract credentials from all logged-on users by reading Edge’s process memory, escalating the threat to full credential harvesting.
  • Microsoft stated this behavior is “by design” and considers local attacks outside its threat model; security teams are advised to treat this as a high-priority risk and consider switching to more secure browsers until changes are made.
