The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional.

The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional.

      A researcher has discovered that Microsoft Edge reveals all saved passwords in clear text memory during every session.

      If you utilize Microsoft Edge to save your passwords, there is an important detail to consider. Each time you launch the browser, it decrypts all stored passwords and loads them into memory in clear text, where they remain for the duration of your session. This means that your passwords are left unprotected in your device’s memory, even if you don't visit any of the websites associated with them.

      Security researcher Tom Rønning found this issue and reported it to Microsoft. However, the company stated that this behavior is intentional.

      Microsoft Edge loads all saved passwords into memory in clear text, even when they are not in use. pic.twitter.com/ci0ZLEYFLB— Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) May 4, 2026

      Edge is the sole Chromium-based browser that saves passwords in this way.

      Microsoft Edge is built on Chromium, the same open-source foundation as Google Chrome. However, Chrome manages passwords quite differently, decrypting them only when needed, such as for autofill.

      Additionally, Chrome employs a feature known as Application-Bound Encryption, which links decryption keys to an authenticated Chrome process, making it considerably more challenging for attackers to extract passwords from memory. Microsoft Edge does not have this feature.

      Rønning examined several Chromium-based browsers and determined that Edge was the only one that loaded all saved passwords into memory at startup and left them exposed in clear text.

      What is Microsoft’s response, and should there be concerns?

      In a statement to CyberNews, Microsoft mentioned that this behavior is designed to facilitate quicker sign-ins, asserting that exploiting it would necessitate an attacker having administrative access to the device.

      Security experts widely concur that having admin-level access essentially constitutes a full system compromise, regardless of the browser being used. Nevertheless, cybersecurity professionals caution that modern info-stealer malware specifically targets the gap between encrypted storage and runtime exposure, making the presence of clear text passwords in memory a genuine risk.

      The consensus among security experts is clear: refrain from saving passwords in your browser and opt for a dedicated password manager instead.

      Manisha Priyadarshini is a tech and entertainment writer with over nine years of editorial experience.

      Kids are circumventing online age checks by drawing fake beards on their faces.

      Children are finding humorous ways to bypass age verification checks online. A recent report from Internet Matters indicates that some kids are drawing facial hair on themselves to deceive age-estimation tools into believing they are older. One parent reported that their 12-year-old used an eyebrow pencil to draw a mustache and was mistakenly verified as 15.

      Can drawing a fake beard truly fool online age checks?

      Read more

      Asus Zenbook S16 OLED review: A well-rounded ultrabook that plays it too safe.

      I enjoyed the ZenBook S16, but it ultimately falls just short of greatness.

      View at Best Buy

      Quick Take

      Google Search updates aim to make AI responses a starting point for users, rather than a dead end.

      Five new features, including a Further Exploration section and inline link previews, are designed to encourage users to click through to websites from AI Mode and AI Overviews.

      Google's AI-driven Search features have significantly transformed how we search for information. Now, instead of sifting through search results, most people read the AI Overview and move on. Google is attempting to change this with five updates to AI Mode and AI Overviews, which aim to highlight more links and provide users with additional motivation to visit the associated websites.

      Further Exploration and inline links

      Read more

The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional. The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional. The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional. The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional. The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional. The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional.

Other articles

Anthropic has incorporated SpaceX's computing resources and increased the rate limits for the Opus API. Anthropic has incorporated SpaceX's computing resources and increased the rate limits for the Opus API. Anthropic has increased Claude Code's five-hour rate limits twofold and elevated Opus API rate limits, referring to a new computing agreement with SpaceX for Colossus 1. Apple TV receives a dozen Tony nominations and is set to achieve an unexpected rare recognition that caught me off guard. Apple TV receives a dozen Tony nominations and is set to achieve an unexpected rare recognition that caught me off guard. Apple is close to achieving an EGOT after receiving 12 Tony nominations for Schmigadoon!, a theatrical version of its original Apple TV Plus series. G42's Core42 has signed a lease for 20MW in a repurposed office building in Minneapolis as the UAE broadens its AI data center presence in the US. G42's Core42 has signed a lease for 20MW in a repurposed office building in Minneapolis as the UAE broadens its AI data center presence in the US. Core42, a division of G42 that is developing Stargate UAE, is utilizing 20MW in a conversion of Minneapolis office space into a data center. The rise of AI is now filling the offices that were previously vacated. Google Search updates aim to transform AI responses into a starting point for your inquiries rather than a concluding one. Google Search updates aim to transform AI responses into a starting point for your inquiries rather than a concluding one. Google is launching five updates to AI Mode and AI Overviews in Search aimed at highlighting more links and encouraging users to visit the websites associated with them. Uber's Q1 2026 report shows a revenue shortfall, yet the stock price rises by 10% as autonomous rides increase tenfold. Additionally, Uber One reaches 50 million members, and bookings experience a 25% rise. Uber's Q1 2026 report shows a revenue shortfall, yet the stock price rises by 10% as autonomous rides increase tenfold. Additionally, Uber One reaches 50 million members, and bookings experience a 25% rise. Uber fell short of its Q1 revenue by $90 million, yet its stock jumped 10%. Gross bookings reached $53.7 billion, while autonomous vehicle trips increased tenfold, and Uber One gained 50 million members. The market views Uber as a platform rather than just a taxi service. Supreme Court refuses to postpone the contempt order regarding Apple's App Store. Supreme Court refuses to postpone the contempt order regarding Apple's App Store. On Wednesday, Justice Elena Kagan, representing the US Supreme Court, rejected Apple's request for an emergency stay, allowing the contempt order from the Ninth Circuit to remain effective.

The Edge browser has a significant issue regarding password security, but Microsoft claims it is intentional.

A security researcher discovered that Microsoft Edge loads all stored passwords into unencrypted memory upon startup, leaving them vulnerable for the duration of the session, even if they are not actively in use.