CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 19, 2026

Microsoft Edge Stops Loading Saved Passwords Into Memory at Startup

Cybersecurity News Archived May 19, 2026 ✓ Full text saved

Microsoft has announced a significant security improvement in its Edge browser, eliminating the practice of loading saved passwords into process memory at startup. The change comes as part of the company’s broader Secure Future Initiative (SFI), which aims to strengthen defense-in-depth protections across its products. The update follows a public disclosure by security researcher Tom […] The post Microsoft Edge Stops Loading Saved Passwords Into Memory at Startup appeared first on Cyber Security

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Microsoft Edge Stops Loading Saved Passwords Into Memory at Startup By Abinaya May 19, 2026 Microsoft has announced a significant security improvement in its Edge browser, eliminating the practice of loading saved passwords into process memory at startup. The change comes as part of the company’s broader Secure Future Initiative (SFI), which aims to strengthen defense-in-depth protections across its products. The update follows a public disclosure by security researcher Tom Jøran Sønstebyseter Rønning, who found that Microsoft Edge loaded stored passwords into memory in clear text during browser startup. While Microsoft acknowledged the finding, it clarified that the behavior aligned with its existing threat model and did not introduce a new security vulnerability. According to Microsoft, the reported scenario assumes that an attacker already has control over the victim’s device. In such cases, where malicious code can execute locally with elevated privileges, browsers and other applications are generally unable to prevent credential access. Edge Stops Password Memory This limitation is consistent across all modern browsers and is considered outside the scope of standard browser threat models. Despite this, Microsoft emphasized that reducing unnecessary exposure of sensitive data remains a priority. As a result, the company has implemented a defense-in-depth improvement to prevent passwords from being loaded into memory during startup. “This change is a proactive step to minimize potential attack surfaces, even in scenarios that fall outside our defined security boundaries,” Microsoft stated. The fix has already been deployed in Edge Canary builds and will be rolled out across all supported versions, including Stable, Beta, Dev, and Extended Stable channels. The Microsoft Edge 148 update arrives automatically with no user action required. Microsoft reassured users that there is no new exposure or increased risk associated with the previously reported behavior. The company reiterated that access to in-memory credentials would only be possible if an attacker had already compromised the system at an advanced stage of intrusion beyond typical browser-level protections. In addition to this change, Microsoft highlighted its continued investment in layered security mechanisms. These include sandboxing technologies, renderer isolation, and proactive defenses such as the Scareware Blocker, which helps protect users from malicious websites. The company also acknowledged the importance of the security research community. It indicated that it is reviewing its internal processes for handling vulnerability reports. Microsoft plans to improve response speed, communication clarity, and the integration of defense-in-depth considerations earlier in the evaluation process. This move reflects a broader industry trend toward hardening software against complex, multi-stage attacks. By limiting how and when sensitive data, such as passwords, is exposed in memory, Microsoft Edge aims to reduce the risk of credential theft, even in edge-case scenarios. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Linus Torvalds Says AI Bug Reports Have Made Linux Security Mailing List Unmanageable Hackers Hijack Microsoft Teams Users Account to Deliver ModeloRAT Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges Hackers Compromise @antv Packages in Mini Shai-Hulud npm Attack Wave Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks Latest News Cyber Security News New VoidStealer Malware Bypasses Chrome’s Protection to Steal User Data Cyber Security News Nx Console VS Code Extension Compromised to Steal Developer and Cloud Secrets Cyber Security News Microsoft to Retire Teams Together Mode to Enhance Performance Improvements Cyber Security News Critical Marimo Security Vulnerability Enables Remote Code Execution Attacks Cyber Security News Critical SEPPmail Gateway Flaws Allow Remote Code Execution and Mail Traffic Theft
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 19, 2026
    Archived
    May 19, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗