Microsoft Edge Stores Passwords in Cleartext Memory at Launch
Why it matters: Indian organizations using Microsoft Edge should be aware of this vulnerability and consider advising users on alternative password management or browser usage until a patch is released.
A security researcher has uncovered a critical vulnerability in Microsoft Edge, revealing that the browser decrypts and stores all saved passwords in cleartext process memory upon launch. This exposure occurs regardless of user activity, making credentials susceptible to memory scraping attacks. The flaw, disclosed by PaloAltoNtwks Norway, highlights a significant risk to user data.
Source: Cybersecurity News