<<<<<<< HEAD ======= >>>>>>> aa0e8a6a752f213750c5cecf4c1ff51a29770cf8

Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

News > Attacks & Threats > Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk

Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk

A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
8 May 2026
Written by Gabi Gerber
Attacks & Threats

Featured

Identity & Access Management, Hacking Topics, Security Operation Center

An attacker with administrative privileges can gain access to Microsoft Edge user passwords even when they're not in use, because the browser stores them in cleartext in process memory as part of a design decision by Microsoft.

Security researcher Tom Jøran Sønstebyseter Rønning revealed the issue and how it can be exploited in a proof-of-concept (PoC) tool at Palo Alto Networks Norway's BIG Bite of Tech conference last week. He subsequently posted resources for the PoC and tool on GitHub. More here

Similar Stories

Attacks & Threats

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. More...
Foxconn Attack Highlights Manufacturing's Cyber Crisis

A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as ga… More...
'TrustFall' Convention Exposes Claude Code Execution Risk

Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal o… More...
Hackers Use AI for Exploit Development, Attack Automation

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestra… More...
If AI's So Smart, Why Does It Keep Deleting Production Databases?

The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environment… More...

Have your say

 

News Categories

Attacks & Threats

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. More...
Foxconn Attack Highlights Manufacturing's Cyber Crisis

A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as ga… More...
'TrustFall' Convention Exposes Claude Code Execution Risk

Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal o… More...
Hackers Use AI for Exploit Development, Attack Automation

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestra… More...
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk

A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and t… More...

Show more
image

Contact Us

Security Interest Group Switzerland
c/o Bridge Head AG
Sulzbergstrasse 34
5430 Wettingen
Switzerland

Quick Links

Terms
Contact Us
Privacy Policy
Newsletter

Follow Us

This website is powered by
ToucanTech