:

MICROSOFT EDGE FIXES PASSWORD SECURITY FLAW

INDUSTRY DESK1 MIN READ
FRI, MAY 15, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Microsoft is updating Edge to stop loading saved passwords into process memory in clear text at startup, reversing its previous position that the practice was intentional.

The Redmond-based tech giant announced the security fix following criticism over how Edge handled password storage. Previously, Microsoft had defended the behavior as "by design," but the company is now addressing the vulnerability. Loading passwords into memory in plain text creates a security risk, as the data could potentially be accessed by malicious actors or other processes running on a user's system. The update will change how Edge manages credentials during startup, ensuring stored passwords remain encrypted. This reversal highlights ongoing debates within the tech industry about balancing user convenience with security best practices. The fix is expected to roll out in a future Edge update, though Microsoft has not specified an exact timeline. The move comes as browser makers face increasing scrutiny over password management and data protection. Users relying on Edge's password manager will see the security improvement without requiring manual intervention.

■ SOURCES

Bleeping ComputerBleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.

1H AGOIndustry Desk

A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.

1H AGOIndustry Desk

The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.

3H AGOIndustry Desk

Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.

3H AGODev Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.