A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
  • Passerby6497@lemmy.worldEnglish
    9 minutes

    Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.

    “We value user safety and usability, but if you’re already compromised you can go fuck yourself”

  • azvasKvklenko@sh.itjust.worksEnglish
    2 hours

    I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)

  • gokayburuc@lemmy.worldEnglish
    2 hours

    we will take your data but don’t worry be happy 😁 🇯🇲 we will not use it. Because we are smoking ganja and smiling to each other in our office. We are so happy; Thanks to AI. Peace ☮️✌️😁🕶️

    Microslop Edge Team

  • MonkderVierte@lemmy.zipEnglish
    3 hours

    Btw, don’t ever copy&paste from your password manager, if that’s a problem. That’s what memory protection mechanisms in hardware and software are for.

    The problem is, the weird way it is implemented in Edge and how MS handles the issue.

    • Passerby6497@lemmy.worldEnglish
      1 minute

      Btw, don’t ever copy&paste from your password manager, if that’s a problem

      Maybe, but at least with my password manager, they’d only get passwords as I use them and not the keys to the kingdom when I open it.

      The problem is, the weird way it is implemented in Edge and how MS handles the issue.

      “Handles the issue” is a weird way to say they don’t give a shit about protecting your passwords. They had to change this behavior, because chromium doesn’t do this by default, so it’s not really even negligent behavior.

  • 58008@lemmy.worldEnglish
    5 hours

    2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they’re being overtaken by concerns about staying with Windows. I don’t even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won’t be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.

    • BozeKnoflook@lemmy.worldEnglish
      3 hours

      Best of luck! If you’ve got questions or problems feel free to DM me (or reply here) and I’ll try to help as best I can. I’ve been using linux since the mid 90s, so I have a decent idea of how it all works :)

    • Throbbing_banjo@lemmy.dbzer0.comEnglish
      3 hours

      If you move to one of the big supported distributions, you’ll be extremely surprised how easy it is.

      If you just want things to stay consistent and easy, I can’t recommend Linux mint enough. I installed it on my son’s laptop almost two years ago and he’s never needed my help to fix anything since.

      The installation walks you through everything, just like Windows, but it’ll only take about the third of the time. Everything just works and there’s no trash to uninstall or debloat scripts to run when you’re done.

      If you do any gaming you might want to run Fedora or bazzite (fedora with training wheels), but if you’re using KDE for the desktop that’s almost as easy and seamless.

  • iglou@programming.devEnglish
    5 hours

    Eh. To be honest it indeed does not matter much. Scanning your RAM for passwords is much harder than simply reading them off the browsers files. Sure, it is encrypted and the key is not necessarily on your computer, but remember that if the software can decrypt your passwords without you inputting a password or similar, then anything with access to your device can as well.

    Don’t use your browser’s password manager.

  • zerofk@lemmy.zipEnglish
    6 hours

    Access to browser data as described in the reported scenario would require the device to already be compromised.

    Yes you can open our safe with just a good yank but if a thief can do that they’re already in your house.

    • MonkderVierte@lemmy.zipEnglish
      3 hours

      If the thief is already in your house, he can also eat your meal and steal your furniture.

  • AbsolutelyNotAVelociraptor@piefed.socialEnglish
    7 hours

    They say not to worry because they know nobody uses that dumpster fire of a browser so there’s no actual risk of your passwords being leaked since you’re not using it anyways.

  • quantumvoid0@programming.devEnglish
    11 hours

    does this company intentionally want users to stop using it? cuz day by day either theres a new windows bug or just shittier softwares

    • smeenz@lemmy.nzEnglish
      4 hours

      I think it’s more than they just don’t care. Microsoft cornered the business world decades ago because they’ve got wot C-levels crave…or something. End users have no say in it.

    • Senseless@feddit.orgEnglish
      7 hours

      Not to worry, the next update will fix it. (And make 12 others things worse. Also it will make your printer stop working. Again.)