Microsoft Edge to Stop Loading Saved Passwords into Memory – Reducing Credential Exposure
What Happened — Microsoft announced that future releases of the Edge browser will no longer load saved passwords into process memory in clear text at startup. The change follows a disclosure by security researcher Tom Jøran Sønstebyseter Rønning, who showed that all credentials stored in Edge’s built‑in password manager were decrypted and kept in memory, allowing an attacker with administrative privileges to dump them. The fix is already live in the Edge Canary channel and will roll out to all supported Edge versions (Stable, Beta, Dev, Canary, and Extended Stable).
Why It Matters for TPRM
- Credential data that is readily accessible in memory creates a low‑effort path for insider or post‑compromise attackers to harvest usernames and passwords.
- Many enterprises rely on Edge’s native password manager for internal SaaS logins; exposure could lead to lateral movement across critical systems.
- The issue highlights the need to monitor vendor‑owned security features for “by‑design” behaviors that may conflict with defense‑in‑depth policies.
Who Is Affected — Organizations across all sectors that deploy Microsoft Edge as a primary browser, especially those that enable the built‑in password manager for employee use.
Recommended Actions
- Verify that Edge is updated to the latest build (≥ 148) on all corporate endpoints.
- Review internal policies on browser‑based password storage; consider alternative credential vaults for high‑value accounts.
- Enable monitoring for anomalous process‑memory access on endpoints with administrative accounts.
- Communicate the change to security teams and update threat models to reflect the reduced exposure.
Technical Notes — The vulnerability stemmed from Edge’s design, which decrypted stored credentials on launch and retained them in clear text within the process address space. No CVE has been assigned yet; the attack vector required local administrator or same‑user access to dump memory. Data at risk: saved website usernames and passwords. Source: BleepingComputer