Microsoft backtracks on Edge storing your passwords in plaintext RAM
Microsoft has reversed its stance on the security of passwords stored in Edge, which were previously kept in plaintext in memory. This vulnerability was highlighted by a security researcher, prompting Microsoft to issue a fix in Edge version 148. Users are now advised to switch to dedicated password managers for enhanced security.
- ▪Microsoft Edge was found to store user passwords in unencrypted plaintext in computer memory.
- ▪The vulnerability was initially defended by Microsoft as a deliberate design decision.
- ▪Microsoft has since fixed the issue in Edge version 148 and recommends using dedicated password managers.
Opening excerpt (first ~120 words) tap to expand
Updated Microsoft backtracks on Edge storing your passwords in plaintext RAM When a security researcher showed that Edge passwords are plaintext readable, Microsoft initially said the behavior was intentional. By Laura Pippig Staff Writer, PC-WELT May 18, 2026 7:33 am PDT Image: Smile Studio AP / Shutterstock.com Summary created by Smart Answers AIIn summary:Microsoft Edge previously stored user passwords in unencrypted plaintext in computer memory, creating a significant security vulnerability that allowed local attackers to easily access saved credentials.Security researcher Tom Jøran Sønstebyseter Rønning exposed this flaw, which Microsoft initially defended as a deliberate design decision before reversing course.PCWorld reports that Microsoft has fixed this issue in Edge version 148…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCWorld.
Discussion
0 commentsMore from PCWorld
