Feed aggregator

Microsoft said it will change Edge’s password handling as a “defense‑in‑depth” measure.

Originally, Edge decrypted the entire saved‑password store on startup and kept all credentials resident in process memory in clear text for the whole browser session, regardless of whether a given credential was ever used or not.

A short while ago, Microsoft said this plaintext password behavior was by design. Now, Microsoft has changed course, and the new password-handling behavior is already present in Canary (the experimental preview version of Microsoft Edge), with rollout prioritized across all channels.

The researcher who originally flagged the issue said:

“Edge is the only Chromium‑based browser I’ve tested that behaves this way. By contrast, Chrome uses a design that makes it far harder for attackers to extract saved passwords by simply reading process memory.”

Microsoft Edge Security Lead Gareth Evans said Microsoft is now taking a broader view and has committed to changing Edge so that saved passwords are no longer loaded into memory on startup as clear text. As a result, exposure will be reduced as a defense‑in‑depth improvement. That means even if an attacker has administrative control of a device, it becomes harder to harvest all the passwords.

According to Microsoft:

“Going forward, Microsoft Edge will no longer load all saved passwords into memory at browser startup. Instead, passwords will be decrypted only when needed for autofill or password management operations.”

The change is already live in the Edge Canary channel and will be included in the next update for all supported Edge releases (build 148 and newer across Stable, Beta, Dev, Canary, and Extended Stable).

The reason for this change is probably more reputational and strategic rather than an acknowledgment of an exploitable vulnerability. Microsoft seems to want to align reality with its “secure by design” messaging and reduce a very visible, easy‑to‑demo weakness, even if it still doesn’t treat it as a classic memory‑disclosure bug.

Passwords in your browser

Please note that this change just means Edge will become roughly as secure an option to store passwords as every other Chromium-based browser.

Your browser password manager gives you ease of use, but that comes with some security tradeoffs. Of course, password managers aren’t foolproof either, so it’s important to decide for yourself where you store your passwords.

If you’re confident a website is safe, and anyone who can access it under your account wouldn’t learn anything sensitive, feel free to store the password in your browser, but disable autofill so you stay in control.

Use MFA where possible. It enormously reduces the risk if someone gets hold of your password. And avoid using the browser password manager to store your credit card details or other sensitive personally identifiable information, such as medical information.

Let’s face it, an incognito window can only do so much. 
 
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance. 

An emerging European standard for e-invoicing could streamline the order-to-cash process in UK businesses

The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug.

The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek.

Article URL: https://arxiv.org/abs/2605.15503

Comments URL: https://news.ycombinator.com/item?id=48177601

Points: 1

# Comments: 0

Article URL: https://arxiv.org/abs/2605.16035

Comments URL: https://news.ycombinator.com/item?id=48177597

Points: 1

# Comments: 0

Article URL: https://www.science.org/content/article/major-outbreak-rare-ebola-virus-species-northern-congo-alarms-scientists

Comments URL: https://news.ycombinator.com/item?id=48177584

Points: 2

# Comments: 0

Article URL: https://electrek.co/2026/05/16/sennebogen-shows-off-electric-autonomous-material-handler/

Comments URL: https://news.ycombinator.com/item?id=48177577

Points: 1

# Comments: 0

Article URL: https://martinvol.pe/blog/2026/05/18/cloudflare-pages-is-all-you-need-for-your-blog/

Comments URL: https://news.ycombinator.com/item?id=48177530

Points: 2

# Comments: 0

Article URL: https://zriyansh.medium.com/running-agents-without-losing-my-keys-a-month-with-authsome-039690fe5e6f

Comments URL: https://news.ycombinator.com/item?id=48177527

Points: 2

# Comments: 0

Article URL: https://www.phoronix.com/news/GNOME-51-Resources-Possible

Comments URL: https://news.ycombinator.com/item?id=48177502

Points: 4

# Comments: 0

Article URL: https://www.euronews.com/2026/05/18/eu-households-could-save-more-than-2200-every-year-by-switching-to-heat-pumps-and-evs

Comments URL: https://news.ycombinator.com/item?id=48177496

Points: 5

# Comments: 0

Article URL: https://www.vincentschmalbach.com/chinas-shadow-api-market/

Comments URL: https://news.ycombinator.com/item?id=48177492

Points: 2

# Comments: 0

Article URL: https://petargyurov.com/bookshelf/

Comments URL: https://news.ycombinator.com/item?id=48177489

Points: 1

# Comments: 1

Article URL: https://yes-we-scan.app/details

Comments URL: https://news.ycombinator.com/item?id=48177467

Points: 3

# Comments: 0

True to its name, this slender laptop's second-gen Snapdragon X2 chip has truly impressive performance. However, you'll need to keep looking if you're after strong graphics performance.

Article URL: https://dogma25.dk/

Comments URL: https://news.ycombinator.com/item?id=48177452

Points: 2

# Comments: 0

Article URL: https://www.phoronix.com/news/FluidX3D-3.7-Released

Comments URL: https://news.ycombinator.com/item?id=48177446

Points: 1

# Comments: 0

Article URL: https://github.com/DO-SAY-GO/freelang

Comments URL: https://news.ycombinator.com/item?id=48177400

Points: 1

# Comments: 1

Article URL: https://space.gekko.de/from-y2k-to-q-day/

Comments URL: https://news.ycombinator.com/item?id=48177350

Points: 1

# Comments: 0

Article URL: https://latlng.cloud/

Comments URL: https://news.ycombinator.com/item?id=48177345

Points: 1

# Comments: 0