A Norwegian researcher discovered that Microsoft Edge's Password Manager decrypts all saved credentials at startup and keeps them in process memory as plain text, even after the browser is closed and reopened. Microsoft dismissed the finding as 'by design,' but security experts strongly disagree, calling it a serious risk especially on shared machines. Unlike Edge, Google Chrome uses App Bound Encryption to prevent credentials from sitting in process memory unencrypted. Security professionals argue the issue is not a technical limitation but a motivational one, and recommend users consider alternative password managers.

3m read time. From csoonline.com