A security researcher recently discovered that the Microsoft Edge browser loads all saved passwords into memory in plaintext at startup. This design significantly raises the risk of password theft by malware or hackers. Among the Chromium-based browsers tested, Edge was the only one found to exhibit this behavior. In contrast, Google Chrome loads a password into memory in plaintext only when a user explicitly requests to view it.
A Microsoft spokesperson clarified that this approach is a deliberate design choice aimed at expediting the login and authentication process. The spokesperson argued that the prerequisite for data theft is that the device has already been compromised. Therefore, the design must strike a balance between performance, usability, and security. Microsoft advises users to install the latest security updates and antivirus software to mitigate potential threats. The company acknowledged awareness of the issue but stated that it has no plans to modify this design, instead recommending that users keep their PCs up to date with security updates.
