Contact us
Contact us

News

About

Home Crypto News Edge stops loading saved passwords in plain text at startup

Edge stops loading saved passwords in plain text at startup

Author Stacey Carnaval
Posted: 18 May 2026, 11:11 CET | Updated: 18 May 2026, 14:28 CET 2 min read
Edge stops loading saved passwords in plain text at startup

Microsoft will prevent Edge from loading saved passwords in clear text at startup; passwords will be decrypted only for autofill or password management. The change is in Canary and is rolling out.

Microsoft will change Edge so saved passwords are no longer loaded into memory in clear text at browser startup. Passwords will be decrypted only when the browser performs autofill or password management tasks. The update is available in the Canary channel and is being prioritized for Stable, Beta, Dev, Canary and Extended Stable builds 148 and newer.

A researcher reported that the previous behavior decrypted the entire saved‑password store at startup and kept credentials in clear text in process memory for the duration of the session. The researcher noted, “Edge is the only Chromium‑based browser I’ve tested that behaves this way. By contrast, Chrome uses a design that makes it far harder for attackers to extract saved passwords by simply reading process memory.”

Microsoft initially designed Edge to load saved passwords at startup but has revised the approach. Gareth Evans, Microsoft Edge Security Lead, described the change as a defense‑in‑depth improvement and added: “Going forward, Microsoft Edge will no longer load all saved passwords into memory at browser startup. Instead, passwords will be decrypted only when needed for autofill or password management operations.”

Microsoft said narrowing when passwords are decrypted reduces the time credentials appear in clear text in process memory and brings Edge’s behavior closer to other Chromium browsers. The company said the change should lower the chance that an attacker can harvest all saved passwords by reading process memory.

Security guidance accompanying the update recommends enabling multi‑factor authentication where available, avoiding storage of payment card details and sensitive personal data in a browser vault, and disabling autofill for sites that hold highly sensitive accounts. Users who prefer can use dedicated password managers instead of the browser’s built‑in manager.

The Canary channel already shows the new behavior. Microsoft said other channels will receive the update in upcoming builds 148 and newer.

Tags
Security
Stacey Carnaval
Author

Articles by this author

Binance’s CZ urges key rotation after GitHub breach
Binance’s CZ urges key rotation after GitHub breach
9 hours ago
SpaceX Receives First NVIDIA Vera CPUs; Musk Praises Chip
SpaceX Receives First NVIDIA Vera CPUs; Musk Praises Chip
1 day ago
CME, NYSE Parent Urge U.S. Probe of Hyperliquid
CME, NYSE Parent Urge U.S. Probe of Hyperliquid
5 days ago
UK schools remove student photos after AI deepfake extortion
UK schools remove student photos after AI deepfake extortion
6 days ago
Ethereum launches Clear Signing to make approvals human-readable
Ethereum launches Clear Signing to make approvals human-readable
may 13

Latest News

MORE
WhiteBIT launches UK crypto platform whitebit.uk

WhiteBIT launches UK crypto platform whitebit.uk

3 hours ago 2 min read
Trump orders Fed to decide crypto payment access in 120 days

Trump orders Fed to decide crypto payment access in 120 days

3 hours ago 2 min read
Binance’s CZ urges key rotation after GitHub breach

Binance’s CZ urges key rotation after GitHub breach

9 hours ago 2 min read
Bankr: Attacker Accessed 14 Wallets on AI Trading Platform

Bankr: Attacker Accessed 14 Wallets on AI Trading Platform

10 hours ago 2 min read
MORE