Microsoft Edge stores all saved browser passwords in cleartext in its process memory, making them accessible via memory dumps. An attacker can create a memory dump of the Edge browser process and extract credentials using simple string search tools without needing to authenticate through the browser's password manager interface. This behavior is acknowledged by Microsoft as intended, with no current plans to change it. The vulnerability was publicly disclosed in 2026 by researchers who demonstrated the ease of extracting credentials, highlighting a significant security weakness in Edge's password storage approach.

Stored passwords in Microsoft Edge can be extracted in cleartext from the browser's memory by anyone with local access to the system and the ability to create a memory dump. This exposure bypasses the browser's biometric or other authentication protections designed to secure password viewing within the UI. The impact is limited to local attackers or malware with sufficient privileges to dump process memory. There are no known exploits in the wild at this time.

Microsoft currently classifies this behavior as intended and has not issued a patch or official remediation. Users concerned about this risk should consider using alternative browsers with more secure password storage mechanisms. Restricting local access to systems and limiting privileges can reduce the risk of memory dumping attacks. Monitor official Microsoft advisories for any future updates or changes in this behavior. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.