Microsoft Does U-Turn On Edge ‘By Design’ Password Vulnerability
•InnovationCybersecurityMicrosoft Does U-Turn On Edge ‘By Design’ Password VulnerabilityByDavey Winder,Senior Contributor.Forbes contributors publish independent expert analyses and insights.
•Davey Winder is a veteran cybersecurity writer, hacker and analyst.Follow AuthorMay 19, 2026, 09:35am EDT--:-- / --:--This voice experience is generated by AI.
•Learn more.This voice experience is generated by AI.
هذا الخبر من Forbes. خبر يقدم أدوات ذكاء اصطناعي للتلخيص والترجمة والاستماع.
InnovationCybersecurityMicrosoft Does U-Turn On Edge ‘By Design’ Password VulnerabilityByDavey Winder,Senior Contributor.Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst.Follow AuthorMay 19, 2026, 09:35am EDT--:-- / --:--This voice experience is generated by AI. Learn more.This voice experience is generated by AI. Learn more.Microsoft pulls u-turn on Edge password security issue.SOPA Images/LightRocket via Getty ImagesMicrosoft has now confirmed that a “defense-in-depth change will come to every supported version of Edge” after initially refusing to address a password vulnerability identified for users of the web browser password manager. When I first reported that a researcher had publicly disclosed the security vulnerability, whereby all saved passwords were loaded into memory, in plaintext, at startup, Microsoft said that this happened “by design” and the behavior fell “within the expected threat model.” That was 10 days ago. Now, Microsoft has said that it will “no longer load passwords into memory on startup,” and starting with version 148 and “every supported version of Edge” will get the update, the rollout of which is now being prioritized.ForbesMy Password Has Been Stolen—What Happens Next?By Davey WinderThe Microsoft Edge Saved Passwords Vulnerability ExplainedA security researcher went public at the start of May after Microsoft told him that the password security vulnerability he had found in the Edge browser was by design, and therefore would not be moving forward with his vulnerability report or making any changes to rectify. “Microsoft Edge loads all your saved passwords into memory in cleartext,” Tom Jøran Sønstebyseter Rønning said, “even when you’re not using them.” I mean, if leaving decrypted plaintext passwords in Edge process memory after startup, regardless of whether they are used during that session, isn’t a security vulnerability, then, frankly, I’m not s...المصدر: Forbes | Source: Forbes
ملاحظة تحريرية | Editorial Note: نُشر هذا المقال في الأصل بواسطة Forbes. خبر (Khabr) هي منصة إعلامية أردنية مرخّصة تعمل بالذكاء الاصطناعي. نضيف قيمة تحريرية من خلال: تحليل ذكي للأخبار، ملخصات تلقائية، رواية صوتية بالذكاء الاصطناعي، ترجمة متعددة اللغات، وتدقيق الحقائق. هدفنا جعل الأخبار أكثر وضوحاً وسهولةً للقارئ العربي.
This article was originally published by Forbes. Khabr is a licensed Jordanian AI-powered news platform (Registration #82086). We add editorial value through: AI-powered news analysis, automated summaries, AI audio narration, multi-language translation (Arabic, English, French, Turkish), and AI fact-checking. Our mission is to make news more accessible and understandable for Arabic-speaking audiences worldwide.




