  • Edge may reportedly leak all your passwords easily and Microsoft says it's "by design"


    Karlston

    • 1 comment
    • 220 views
    • 3 minutes

    Edge stores passwords in plaintext memory at startup; a tool has been released to test against the flaw.

    A cybersecurity researcher has released a proof-of-concept (PoC) tool highlighting how saved passwords are handled in Microsoft Edge. The researcher, known online as Tom Jøran Sønstebyseter Rønning, shared his findings on social media platforms such as X, alongside a working demonstration.

    According to the post, Microsoft Edge loads saved user credentials into system memory in plaintext at startup, even when those credentials are not actively in use. The browser still asks you to log in again, even though it already holds all the passwords unprotected in RAM.

    To explain the behavior, the researcher published a tool on GitHub titled “EdgeSavedPasswordsDumper.” The project is described as an educational utility designed to help security professionals and users verify how stored credentials are managed within the browser environment. The tool works by accessing the browser’s process memory, where usernames and passwords may be stored in readable form.

     

    According to the researcher’s observations, the parent process of Microsoft Edge consistently holds decrypted credentials, making it a potential target for extraction if an attacker gains sufficient system privileges. Organisations running shared or multi-user systems may be particularly affected, as a compromised account with administrative privileges could access data from multiple active sessions.

     

    While the technique is not a remote exploit on its own, it becomes relevant in scenarios where an attacker already has elevated access to a system. In such cases, memory-dumping techniques, such as those using common administrative tools, could expose stored login information.

    Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them. pic.twitter.com/ci0ZLEYFLB

     

    — Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) May 4, 2026

    Interestingly, the issue appears to be specific to Edge among Chromium-based browsers: during testing, the researcher reported that alternatives such as Google Chrome and Brave did not exhibit the same behavior. The latter typically decrypt credentials only when needed rather than keeping them persistently in memory. However, that's not to say that Chrome is flawless, as we recently covered fingerprinting protection, something which Google's browser lacks.

    Bizarrely, perhaps, Microsoft apparently categorized this behavior as “by design” when the researcher tried to inform the company about the issue. Microsoft seemingly said nothing beyond that.

    Thanks for the tip, Aryeh Goretsky!!!

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Wednesday 6 May 2026 at 7:39 am AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of April) 1,700

    RIP Matrix
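The article notes that the exposure depends on another process reading the memory of the Edge parent process. The following detection sketch is an added example, not code from the article, the researcher or Microsoft: it flags non-Edge processes that were granted memory-read access to the Edge browser process, using Sysmon-style ProcessCreate (Event ID 1) and ProcessAccess (Event ID 10) records. The sample records, GUIDs, paths and the `ExampleAV` product are constructed, and identifying the parent as the `msedge.exe` instance without a `--type=` argument is an assumption based on how Chromium launches its child processes.

```python
PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
AV = r"C:\Program Files\ExampleAV\scan.exe"  # hypothetical security product

# Constructed records, not real telemetry. Field names follow Sysmon
# Event ID 1 (ProcessCreate) and Event ID 10 (ProcessAccess).
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{edge-browser}", "Image": EDGE,
     "CommandLine": '"msedge.exe"'},
    {"EventID": 1, "ProcessGuid": "{edge-renderer}", "Image": EDGE,
     "CommandLine": '"msedge.exe" --type=renderer'},
    {"EventID": 10, "SourceImage": r"C:\Temp\unknown.exe",
     "GrantedAccess": "0x1410", "TargetProcessGUID": "{edge-browser}"},
    {"EventID": 10, "SourceImage": r"C:\Temp\unknown.exe",
     "GrantedAccess": "0x1410", "TargetProcessGUID": "{edge-renderer}"},
    {"EventID": 10, "SourceImage": EDGE,
     "GrantedAccess": "0x1FFFFF", "TargetProcessGUID": "{edge-browser}"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "GrantedAccess": "0x1000", "TargetProcessGUID": "{edge-browser}"},
    {"EventID": 10, "SourceImage": AV,
     "GrantedAccess": "0x1010", "TargetProcessGUID": "{edge-browser}"},
]

def is_edge(image):
    return image.lower().endswith("\\msedge.exe")

def edge_browser_guids(events):
    """GUIDs of Edge parent processes: msedge.exe started without --type=
    (assumption: child processes carry --type=, as in other Chromium builds)."""
    return {e["ProcessGuid"] for e in events
            if e["EventID"] == 1 and is_edge(e["Image"])
            and "--type=" not in e["CommandLine"]}

def suspicious_reads(events, allowlist=()):
    """Non-Edge, non-allowlisted processes granted VM_READ on an Edge parent."""
    parents = edge_browser_guids(events)
    allowed = {p.lower() for p in allowlist}
    hits = []
    for e in events:
        if e["EventID"] != 10 or e["TargetProcessGUID"] not in parents:
            continue
        src = e["SourceImage"]
        if is_edge(src) or src.lower() in allowed:
            continue
        if int(e["GrantedAccess"], 16) & PROCESS_VM_READ:
            hits.append((src, e["GrantedAccess"]))
    return hits
```

Sysmon only produces Event ID 10 records when its configuration includes a ProcessAccess rule covering `msedge.exe`, and the allowlist needs tuning for whatever security and management software legitimately inspects browser processes.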


    User Feedback

    Recommended Comments

    Well... So much for security being Priority 1.  Those overly Empowered (TM) dim bulbs at Microsoft still haven't learned a thing.
