Microsoft Edge to Stop Loading Cleartext Passwords into Memory on Startup
Microsoft is updating its Edge browser to prevent saved passwords from being loaded into memory in clear text at startup, reversing its earlier "by design" stance.
Microsoft is changing its Edge browser so that saved passwords are no longer loaded into memory in clear text when the browser starts up. The change follows initial statements from Microsoft that the behavior was "by design," a stance that drew criticism from security researchers. The company has now acknowledged the security implications and is implementing a fix.
The vulnerability allowed attackers who already had access to a user's system to potentially retrieve saved passwords from the Edge browser's memory. While not a remote code execution flaw, it presented a significant risk for users whose machines might be compromised by other means, such as malware. The fix aims to enhance the security of stored credentials within the browser.
Microsoft has not yet provided a specific timeline for the rollout of this update, but it is expected to be included in a future Edge version. Users are encouraged to keep their Edge browser updated to the latest version to benefit from security enhancements. This change reflects a broader trend of browser vendors strengthening their security measures to protect user data from various threats.