Microsoft Edge plaintext credential exposure via process memory vulnerability
Summary
Hide ▲
Show ▼
A vulnerability in Microsoft Edge allows local administrators to extract plaintext user passwords from the browser’s process memory, even when credentials are not actively in use. The flaw stems from Edge storing all saved passwords in cleartext in memory upon startup, a behavior unique among Chromium-based browsers. Exploitation requires prior compromise of the target device and enables memory dumping via the Windows Task Manager to retrieve credentials. Microsoft has defended the design choice as intentional to speed up sign-in processes.
Timeline
-
07.05.2026 14:33 1 articles · 1h ago
Microsoft Edge plaintext password exposure in process memory disclosed
A security researcher demonstrated that Microsoft Edge stores all user passwords in cleartext process memory upon startup, enabling credential extraction via memory dumping if an attacker has local administrative privileges. The behavior is unique to Edge among Chromium-based browsers and is defended by Microsoft as a performance optimization for faster sign-in processes.
Show sources
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — thehackernews.com — 07.05.2026 14:33
Information Snippets
-
Microsoft Edge decrypts and retains all stored passwords in process memory at startup, persisting them in cleartext even when not actively used.
First reported: 07.05.2026 14:331 source, 1 articleShow sources
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — thehackernews.com — 07.05.2026 14:33
-
An attacker with local administrative privileges can dump Edge's "browser" subprocess memory via Task Manager to extract plaintext credentials.
First reported: 07.05.2026 14:331 source, 1 articleShow sources
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — thehackernews.com — 07.05.2026 14:33
-
Edge is the only Chromium-based browser observed to store all passwords in plaintext memory; other browsers encrypt credentials on-demand.
First reported: 07.05.2026 14:331 source, 1 articleShow sources
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — thehackernews.com — 07.05.2026 14:33
-
Microsoft attributes this behavior to performance optimization for faster sign-in processes, despite the security implications.
First reported: 07.05.2026 14:331 source, 1 articleShow sources
- ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories — thehackernews.com — 07.05.2026 14:33