Microsoft Edge Exposes Saved Passwords in Plaintext Memory
What Happened — Security researcher Tom Rønning discovered that Microsoft Edge loads all stored passwords into system memory as cleartext, allowing any process with sufficient privileges to read them. The flaw does not require user interaction and can be exploited by malware or a malicious insider.
Why It Matters for TPRM —
- Credential theft from a widely‑deployed browser can cascade to SaaS, ERP, and cloud services used by third‑party vendors.
- Existing password‑manager controls may be bypassed if browsers expose secrets in RAM.
- The issue highlights the need for strict endpoint hardening and memory‑access controls across the supply chain.
Who Is Affected — Enterprises across all sectors that permit employees to use Microsoft Edge for web access and rely on its built‑in password manager.
Recommended Actions —
- Instruct users to disable Edge’s password saving feature or migrate to a dedicated password manager with zero‑knowledge architecture.
- Enforce least‑privilege policies and application‑control solutions to block unauthorized memory‑reading tools.
- Verify that endpoint detection and response (EDR) solutions flag anomalous process memory access.
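One way to check the last point is to run detection logic over process-access telemetry. The script below is an added example, not code from the page or from HackRead: it parses constructed log lines shaped like Sysmon Event ID 10 (ProcessAccess) fields and flags any non-allowlisted process that obtains PROCESS_VM_READ on msedge.exe; the allowlist paths and the log format are assumptions to be tuned to your environment.

```python
"""Flag cross-process memory reads of msedge.exe (added example).

Sysmon Event ID 10 records SourceImage, TargetImage and a GrantedAccess
mask; PROCESS_VM_READ (0x0010) in the mask means the handle can read the
target's memory. The log lines below are constructed, not real telemetry.
"""
from dataclasses import dataclass

PROCESS_VM_READ = 0x0010
# Hypothetical allowlist (placeholder paths): tune to your environment.
ALLOWED_SOURCES = {
    r"c:\program files\edrvendor\sensor.exe",
    r"c:\windows\system32\csrss.exe",
}

@dataclass
class ProcessAccessEvent:
    source_image: str
    target_image: str
    granted_access: int

def parse_event(line: str) -> ProcessAccessEvent:
    """Parse a constructed 'Key=Value|Key=Value' line mirroring EID 10 fields."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcessAccessEvent(fields["SourceImage"], fields["TargetImage"],
                              int(fields["GrantedAccess"], 16))

def is_suspicious(ev: ProcessAccessEvent) -> bool:
    """True when a non-allowlisted, non-Edge process gets VM_READ on msedge.exe."""
    src, tgt = ev.source_image.lower(), ev.target_image.lower()
    if not tgt.endswith("\\msedge.exe") or not ev.granted_access & PROCESS_VM_READ:
        return False
    # Edge's own helper processes open each other; the allowlist covers known tooling.
    return not src.endswith("\\msedge.exe") and src not in ALLOWED_SOURCES

def find_suspicious(log: str) -> list:
    """Return the events in a multi-line log that is_suspicious() flags."""
    return [ev for ev in map(parse_event, log.splitlines()) if is_suspicious(ev)]

EDGE = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"
SAMPLE_LOG = f"""\
SourceImage=C:\\Windows\\System32\\csrss.exe|TargetImage={EDGE}|GrantedAccess=0x1FFFFF
SourceImage=C:\\Users\\alice\\Downloads\\update.exe|TargetImage={EDGE}|GrantedAccess=0x1010
SourceImage={EDGE}|TargetImage={EDGE}|GrantedAccess=0x1FFFFF
SourceImage=C:\\Users\\alice\\Downloads\\update.exe|TargetImage=C:\\Windows\\notepad.exe|GrantedAccess=0x1010
SourceImage=C:\\Users\\alice\\Downloads\\update.exe|TargetImage={EDGE}|GrantedAccess=0x1000
"""

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"ALERT: {ev.source_image} opened Edge with 0x{ev.granted_access:X}")
```

Only the second constructed line fires: csrss.exe is allowlisted, Edge opening itself is expected, the notepad.exe target is out of scope, and the 0x1000 mask lacks VM_READ.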
Technical Notes — The vulnerability stems from Edge’s credential store loading plaintext passwords into process memory during autofill. No CVE has been assigned yet; the issue is reproducible on Windows 10/11 with the latest Edge builds. Affected data includes usernames and passwords for any site saved in the browser. Source: HackRead