MICROSOFT Edge stores passwords in process memory, a design that a security researcher described as potentially enabling broad credential access in enterprise environments. A proof‑of‑concept tool demonstrated that an administrator could steal saved Edge passwords, even when the passwords are not actively in use, by exploiting this memory storage.
The researcher, Tom Jøran Sønstebyseter Rønning, said the issue arises because Edge decrypts and stores all saved credentials in memory, and he noted that Chrome and other Chromium browsers employ app‑bound encryption to limit such leakage. He reported the findings after presenting the PoC at Palo Alto Networks Norway’s BIG Bite of Tech conference and published resources for the tool on GitHub.
The article also discusses defensive steps, such as applying group policies to prevent Edge from storing passwords and favouring dedicated password managers in enterprise settings, given the risk of memory scraping on shared or privileged machines. 5 May 2026, Elizabeth Montalbano, Dark Reading.