Overview
- Microsoft said Tuesday that Edge keeping saved passwords readable in memory is “by design” and argued that passwords in RAM are exposed only after a device or user session is already compromised.
- Researcher Tom Jøran Sønstebyseter Rønning showed Edge decrypts every saved login at launch and keeps them readable in the browser’s process memory.
- Independent tests, including from SANS, reproduced password extraction from a running Edge session, and a proof‑of‑concept dumper is now posted on GitHub.
- Experts warn the biggest risk is on terminal servers, remote desktops, and VDI setups where an admin or malware can read other users’ Edge memory.
- Researchers note Chrome decrypts passwords only when needed and ties keys to the app, and they urge users to move credentials from Edge to a dedicated manager.