HomeIntelligenceBrief
BREACH BRIEF🟢 Low Advisory

Microsoft Edge Stops Loading Saved Passwords in Clear Text at Startup

Microsoft Edge will no longer decrypt the entire password store at launch, limiting clear‑text credential exposure in process memory. The change is live in Canary and will roll out to all supported builds, improving defense‑in‑depth for enterprises that rely on the browser.

LiveThreat™ Intelligence · 📅 May 18, 2026· 📰 malwarebytes.com
🟢
Severity
Low
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Microsoft Edge Stops Loading Saved Passwords in Clear Text at Startup

What Happened — Microsoft announced a change to Edge’s password manager: saved credentials will no longer be decrypted and kept in clear‑text memory when the browser starts. The new behavior is already live in the Canary channel and will roll out to Stable, Beta, Dev and Extended Stable builds (≥ 148).

Why It Matters for TPRM

  • Reduces the attack surface for credential‑theft malware that reads process memory.
  • Aligns Edge with the security posture of other Chromium browsers, limiting a known “defense‑in‑depth” gap.
  • Signals Microsoft’s proactive hardening of a widely‑deployed endpoint product used by many third‑party vendors.

Who Is Affected — Enterprises and SaaS providers that rely on Microsoft Edge for web access and password autofill across all industry sectors.

Recommended Actions

  • Verify that your organization’s Edge deployments are updated to build 148 or later.
  • Review internal policies on browser‑based password storage; consider disabling autofill for high‑risk accounts.
  • Encourage use of multi‑factor authentication (MFA) and dedicated password managers for privileged credentials.

Technical Notes — The previous design decrypted the entire password vault at launch, exposing all stored secrets in process memory. The new design decrypts on‑demand, only when a credential is needed for autofill or password management. No CVE was issued; the change is a hardening measure rather than a patch for an exploitable bug. Source: Malwarebytes Labs

📰 Original Source
https://www.malwarebytes.com/blog/news/2026/05/microsoft-is-changing-edges-plaintext-password-behavior

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →