Researcher Shows Edge Browser Stores Saved Passwords in Plaintext

A researcher demonstrated that Microsoft Edge stores saved passwords in plaintext in process memory and released a proof-of-concept tool (EdgeSavedPasswordsDumper) showing how an attacker or infostealer with sufficient privileges can extract credentials; this is especially risky in shared environments (Citrix/VDI). Microsoft says the behavior is by design and recommends using dedicated password managers and other mitigations, while experts warn the transient plaintext presence in memory makes passwords easily harvestable by other processes.