Microsoft Edge Password Security Update Prevents Plain Text Storage in Memory

Microsoft is rolling out a priority update for Edge to prevent passwords from being stored as plain text in memory, enhancing security across all channels.

Microsoft Edge Password Security Update Prevents Plain Text Storage in Memory

Microsoft is working on a priority update for its Edge browser to improve how passwords are stored in memory. Previously, Edge stored passwords in memory as plain text, which the company considered by design. The upcoming patch will prevent passwords from being loaded into memory as plain text.

Priority patch targets password memory exposure

The update will roll out to all supported Edge versions across all four channels, starting with version 148 and newer. The change is part of Microsoft's Secure Future Initiative and reflects a broader approach to security. A Microsoft spokesperson said the company is looking at where it can reduce exposure through defense-in-depth improvements, and reducing password exposure in memory is a practical step.

Microsoft Edge browser security update for password storage
Microsoft Edge will soon prevent passwords from being stored in plain text in memory.

Microsoft has not confirmed a specific release date for the update. The company says the patch is a priority but has not shared a timeline. Users should expect the fix to arrive in a future Edge update.

The change comes after security researchers highlighted the risk of storing passwords in plain text in memory. Microsoft's Browser Vulnerability Research team and the Microsoft Edge blog have discussed the issue. The company says it is committed to improving security beyond just fixing bugs.

Discussion

0 comments

Log in to join the thread with a thoughtful take, question, or correction.

Add to the discussion