Microsoft Edge is reportedly getting an update, which is much-needed for a security boost. The tech giant has announced that the Edge browser will stop loading saved passwords automatically into the memory every time you open the browser. This change has been made to keep your passwords safe and make it harder for the attackers to dig them up and misuse them.
What was the security concern?
The story started when security researcher Tom Jøran Sønstebyseter Rønning shared a post on his official X page (formerly known as Twitter), where he stated that Edge would load every single saved password into memory – in plain text – as soon as the browser is launched. Even if you never touched the password manager, the information was still sitting there in memory, waiting to be picked up by anyone with enough access to the device.
Basically, if someone already has access to someone’s system, then they could easily scan the browser’s memory and see all your passwords.
Microsoft's initial response
At first, Microsoft just ignored the warning by saying that this was ‘by design’, and claimed that since stealing the passwords required elevated access, it was not really a vulnerability worth worrying about.
People have been thrilled about that response, and the security experts pushed back, arguing that piling on layers of defence is always the right move.
But why leave data exposed if you do not need it?
Microsoft changes course
When Gareth Evans, the Edge’s security lead, got the message, he said that the browser will only load your passwords into memory when you actually need them. So, instead of handing over every credential at launch, the browser keeps them in the vault until you call for one. This approach is said to be part of Microsoft’s bigger Secure Future Initiative, cuts down on risks and gives users better protection by default.
You will not have to do a thing. The fix is rolling out with Edge version 148, and it will hit all supported versions soon. Updates will just arrive quietly – without boxes to check, no settings to toggle.
Passwords are the prime targets for attackers, and even if exploiting the old behaviour was tricky, no one needs their credentials lying around in memory. More tech companies are following suit, tightening browser security and looking beyond the basics.