This post is also available in:
עברית (Hebrew)
Modern browsers have become central hubs for managing passwords, offering built-in credential storage and automatic login features for convenience. But the way those credentials are handled internally can significantly affect security, especially if attackers gain access to a system. A recent finding has drawn attention to how one browser manages saved passwords in memory during active sessions.
According to Cyber News, the Microsoft Edge decrypts all stored passwords when it launches and keeps them loaded in system memory in plain text for the duration of the session. This reportedly occurs regardless of whether the user actually visits websites tied to those credentials. The behavior differs from other Chromium-based browsers tested by the researcher, which generally decrypt passwords only when needed, such as during autofill or manual viewing.
The issue is important because information stored in cleartext memory can potentially be extracted by malicious software or attackers with sufficient system privileges. In this case, the concern centers on scenarios involving administrative-level access, where an attacker could inspect the memory of active processes and retrieve credentials directly from the browser session.
Other browsers have introduced additional protections to reduce this exposure window. Some use process-bound encryption methods that tie credential access to authenticated browser processes, limiting when and how passwords appear in readable form. By contrast, keeping all credentials continuously decrypted may simplify credential harvesting once a system is compromised.
At the same time, security experts note that exploiting the issue requires a high level of access to the target machine. An attacker capable of reading arbitrary process memory typically already has extensive control over the system. Even so, reducing unnecessary exposure of sensitive data remains an important principle in secure software design.
From a cybersecurity and defense perspective, credential security is increasingly critical as infostealer malware and memory-scraping attacks continue to evolve. Systems used in enterprise and government environments are particularly sensitive to techniques that allow attackers to extract authentication data silently from active sessions.
The findings also reinforce broader recommendations around password management. Multi-factor authentication, hardware-backed credentials, and passkeys can reduce reliance on stored passwords and limit the impact of credential theft if a device is compromised.
