[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCJHU9v57U-kKptkwee_aQncpxESjOMzRGZ4EP_9UvCw":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"7c513f1c-3d36-42ab-b012-bf5845504149","Researcher Shows Edge Browser Stores Saved Passwords in Plaintext","researcher-shows-edge-browser-stores-saved-passwords-in-plaintext-315eaf","Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.","Security researcher Tom Rønning discovered that Microsoft Edge loads all saved passwords into computer memory as plaintext, unlike competitors like Chrome which use App-Bound Encryption. This design choice poses significant security risks, especially in shared environments like Citrix or VDI where attackers with administrative access can dump passwords from multiple users. Microsoft acknowledged the finding but stated it was intentional due to performance-security tradeoffs and has no plans to change it.","Microsoft Edge stores saved passwords in plaintext memory, making them easily accessible to attackers.","Researcher Shows Edge Browser Stores Saved Passwords in Plaintext
Cybersecurity expert Tom Rønning finds Microsoft Edge loads all saved passwords into computer memory as cleartext, making them easy for hackers to steal.
By Deeba Ahmed, May 7, 2026 (3 minute read)
Microsoft has recently come under fire for how its Edge browser handles your saved passwords. A security expert named Tom Jøran Sønstebyseter Rønning has shared a worrying discovery about the Microsoft Edge web browser. It turns out that when you use Edge to save your passwords, the browser turns them into plaintext as soon as the app starts. 
For context, plaintext means the passwords are not scrambled or hidden. They sit in the computer memory as plain words that anyone with administrative privileges or SYSTEM-level access can read. Rønning shared these findings at a tech event in Oslo called Big Bite of Tech 26. The event was hosted by the research firm Palo Alto Networks Norway. He explained that Edge is the only browser he tested that works this way, whereas other browsers like Google Chrome are safer because they use a method called App-Bound Encryption (ABE). This feature locks the passwords to the specific browser app and only unscrambles them when you actually need to log in to a site. Once you are done, the browser hides them again.
Why is this a problem for users?
The main worry is that these passwords stay in the computer memory even if you never visit the websites they belong to. To show how easy it is to see this data, Rønning created a tool called EdgeSavedPasswordsDumper and put it on GitHub. This tool proves that if a hacker or an infostealer gets control of a computer, they can scan the process memory of the browser to find these saved passwords. This is a big deal for offices that use terminal servers, Citrix, or Virtual Desktop Infrastructure (VDI), where many people share one machine. In these shared setups, an attacker with administrative rights can perform cross-process memory access to see the data of every user who is logged in and then steal passwords from people who aren’t even using the browser at that moment.
[Video demo shared by the researcher]
What Microsoft says about the issue
When Rønning told Microsoft about this, the company said the setup was by design. The company maintains that they have to balance how fast the browser works with how safe it is. They believe that if a hacker has already gained in-depth access to your computer to scan the memory, the device is already in big trouble. 
Because Microsoft doesn’t plan to change this soon, some experts suggest changing how you save your details. While Chrome uses better protection to stop other processes from stealing its keys, no browser is perfect. So, it’s better to use a separate password app instead of saving them inside your web browser, as this will keep your data away from the browser’s memory, where hackers can easily find it.
[Embedded post: Jøran Sønstebyseter Rønning on X, advising a quick fix in his tweet earlier today]
Experts’ Perspectives
Experts shared their thoughts with Hackread.com, warning that this design choice creates a massive safety gap. Craig Lurey, from the Chicago-based firm Keeper Security, noted that while Windows tries to keep apps separate, one program can still often “pillage” the memory of another. He added that since plaintext passwords exist in Edge’s memory, other processes can read them “without restriction.” To fight this, his firm created Keeper Forcefield, which uses kernel-level protection to block hackers from reading app memory even if the computer is already compromised. Morey Haber, from the Atlanta-based firm BeyondTrust, also criticised the move. He explained that passwords should be “transient secrets” that are used and then quickly discarded. “The moment a password is retained in clear text memory… it stops being an authentication mechanism and becomes a liability,” Haber warned. He added that if a password can be read in memory by a human or a malicious process, “it is already compromised.”
Deeba Ahmed
Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. 
","https:\u002F\u002Fhackread.com\u002Fedge-browser-stores-saved-plaintext-passwords\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fwhy-microsoft-edge-keeps-your-saved-passwords-in-plaintext.jpg","2026-05-07T15:04:56+00:00","2026-05-07T16:00:15.384953+00:00",8,[18,21,23,26,28,30],{"name":19,"type":20},"Microsoft Edge","product",{"name":22,"type":20},"Google Chrome",{"name":24,"type":25},"Microsoft","vendor",{"name":27,"type":25},"Google",{"name":29,"type":20},"EdgeSavedPasswordsDumper",{"name":31,"type":32},"App-Bound Encryption","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access",{"category":50},{"id":51,"icon":35,"name":52,"slug":53},"614132b8-5837-4952-b8b5-c6c9a32a1d85","Privacy","privacy",[55],{"type":56,"value":57,"context":58},"malware","SHub Stealer","Referenced as macOS password\u002Fcrypto wallet stealing malware in related article"]