A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
Access to browser data as described in the reported scenario would require the device to already be compromised.
Encrypting passwords / loading them into memory on an as-requested basis limits the scope of what gets compromised on a compromised device. The “performance” insinuation in the article is BS, other browsers autofill just fine without keeping all passwords plaintext in memory.
With this vulnerability, scam artists will be able to harvest all of a user’s passwords within a minute of connecting. Older folks fall for these types of scams all the time.
By Microsoft logic, you may as well leave a safe unlocked since access to its contents would require that your home have been compromised already.
Encrypting passwords / loading them into memory on an as-requested basis limits the scope of what gets compromised on a compromised device. The “performance” insinuation in the article is BS, other browsers autofill just fine without keeping all passwords plaintext in memory.
With this vulnerability, scam artists will be able to harvest all of a user’s passwords within a minute of connecting. Older folks fall for these types of scams all the time.
By Microsoft logic, you may as well leave a safe unlocked since access to its contents would require that your home have been compromised already.
Ah, so you’re perfectly fine as long as your device is never compromised.
Don’t worry about the missing fire extinguisher bro, that’s only important if the building is already on fire.