Microsoft Edge update prevents password storage in memory at launch
Microsoft Updates Edge to Protect Saved Passwords
In response to a recent security concern, Microsoft has updated its Edge web browser to prevent saved passwords from being loaded into memory in clear text at startup.
According to Microsoft, “this change comes as a result of a disclosure made on May 4 by a security researcher, who demonstrated that all credentials stored in the Edge built-in password manager were decrypted on launch and kept in memory even when not in use.” The researcher had reported the issue to Microsoft and was initially told that the behavior was “by design,” however, after public disclosure, Microsoft acknowledged the concern and took steps to rectify the situation.
Fix Already Live in Edge Canary Channel
The fix is already live in the Edge Canary channel and will be included in the next update for all supported Edge releases (build 148 and newer).
Microsoft states that the decision to make this change was driven by the company’s commitment to the Secure Future Initiative and customer feedback. The initiative aims to take a broader view of security, not just meeting the bar for a security issue but also reducing exposure through defense-in-depth improvements.
Improved Security for Users
As a result of this change, users can expect improved protection for their saved passwords, which should mitigate the risk of unauthorized access to sensitive information.
About Author
English