:

MICROSOFT EDGE STORES PASSWORDS IN CLEAR TEXT

INDUSTRY DESK2 MIN READ
MON, MAY 4, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Microsoft Edge keeps all stored passwords unencrypted in memory, even when the browser is idle. The vulnerability means passwords remain accessible in plaintext during a system's runtime.

Security researchers have identified a significant vulnerability in Microsoft Edge where passwords are stored in system memory without encryption. The browser maintains credentials in clear text format regardless of whether users are actively using the application. This storage method creates a potential security gap. If a device is compromised—through malware, physical access, or memory dumps—attackers could extract stored passwords directly from RAM. The issue affects all passwords Edge stores, persisting as long as the browser remains in memory. The finding has gained attention in the security community, with discussion on Hacker News highlighting concerns about the implementation. While password managers typically encrypt sensitive data at rest and decrypt it only when needed, Edge's approach keeps credentials perpetually vulnerable during active sessions. Microsoft has not yet released a public statement addressing the vulnerability or timeline for fixes. The company typically handles security issues through its vulnerability disclosure process, though the severity and scope of this particular issue remain points of discussion. The discovery raises questions about Edge's password management security model compared to competitors. Other browsers implement encryption layers for stored credentials, reducing exposure if memory is accessed without authorization. Users who rely on Edge's built-in password storage may want to consider using dedicated password managers that employ stronger encryption practices. This includes applications like Bitwarden, 1Password, or LastPass, which use client-side encryption to protect credentials. The vulnerability underscores the ongoing tension between convenience and security in browser-based password management. While storing passwords locally offers speed and accessibility, implementation details significantly impact actual security.

■ SOURCES

Hacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.

JUST NOWIndustry Desk

Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.

1H AGOIndustry Desk

Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.

1H AGOIndustry Desk

Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.

1H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.