A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
  • Passerby6497@lemmy.worldEnglish
    2 hours

    Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised. Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats.

    “We value user safety and usability, but if you’re already compromised you can go fuck yourself”

    • ragas@lemmy.mlEnglish
      2 hours

      No, if you are already compromised there is just no way anyone can help you anymore besides wiping your whole system.

      • iglou@programming.devEnglish
        12 minutes

        Yeah, I can’t believe I’m defending Microsoft but that’s probably what they meant. No browser password saving feature is safe if your device is compromised.

        Use a proper encrypted password manager

  • azvasKvklenko@sh.itjust.worksEnglish
    4 hours

    I don’t worry, I just don’t use Edge or Windows or any MS software really (except for Teams at work)

  • gokayburuc@lemmy.worldEnglish
    4 hours

    we will take your data but don’t worry be happy 😁 🇯🇲 we will not use it. Because we are smoking ganja and smiling to each other in our office. We are so happy; Thanks to AI. Peace ☮️✌️😁🕶️

    Microslop Edge Team

  • MonkderVierte@lemmy.zipEnglish
    5 hours

    Btw, don’t ever copy&paste from your password manager, if that’s a problem. That’s what memory protection mechanisms in hardware and software are for.

    The problem is, the weird way it is implemented in Edge and how MS handles the issue.

    • Passerby6497@lemmy.worldEnglish
      2 hours

      Btw, don’t ever copy&paste from your password manager, if that’s a problem

      Maybe, but at least with my password manager, they’d only get passwords as I use them and not the keys to the kingdom when I open it.

      The problem is, the weird way it is implemented in Edge and how MS handles the issue.

      “Handles the issue” is a weird way to say they don’t give a shit about protecting your passwords. They had to change this behavior, because chromium doesn’t do this by default, so it’s not really even negligence in Microsoft at that point. They chose to do this.

  • 58008@lemmy.worldEnglish
    7 hours

    2026 is gonna be the year I finally move to Linux. I have huge concerns about many aspects of switching, but they’re being overtaken by concerns about staying with Windows. I don’t even mind if my overall user experience is a bit worse on Linux (I am trying to have reasonable expectations that it won’t be the walk in the park Linux advocates on Lemmy like to claim), I just have much more faith in its security, privacy, customisability and - most importantly - the motivations and intentions of its developers.

    • Mossheart@lemmy.caEnglish
      15 minutes

      Just made the move a few months ago. Only headache was a missing headset driver, but Claude was able to one shot one for me that’s been stable ever since.

      Not looking back. There have been very few things that haven’t worked so far. Take the leap!

    • BozeKnoflook@lemmy.worldEnglish
      5 hours

      Best of luck! If you’ve got questions or problems feel free to DM me (or reply here) and I’ll try to help as best I can. I’ve been using linux since the mid 90s, so I have a decent idea of how it all works :)

    • Throbbing_banjo@lemmy.dbzer0.comEnglish
      5 hours

      If you move to one of the big supported distributions, you’ll be extremely surprised how easy it is.

      If you just want things to stay consistent and easy, I can’t recommend Linux mint enough. I installed it on my son’s laptop almost two years ago and he’s never needed my help to fix anything since.

      The installation walks you through everything, just like Windows, but it’ll only take about the third of the time. Everything just works and there’s no trash to uninstall or debloat scripts to run when you’re done.

      If you do any gaming you might want to run Fedora or bazzite (fedora with training wheels), but if you’re using KDE for the desktop that’s almost as easy and seamless.

      • teslekova@sh.itjust.worksEnglish
        2 hours

        Can confirm, Bazzite is ridiculously easy. If you don’t want to dual-boot it’s easier to install than Windows. I have it on my laptop and all my games run better now.

        Except Tropico 6. For some reason that made my entire system go crazy. 😄

        • Throbbing_banjo@lemmy.dbzer0.comEnglish
          2 hours

          Bazzite is so easy to set up it’s kind of ridiculous. I ended up jumping to straight Fedora just so I can fiddle with things a little more, but for 99% of users the immutable distro thing is perfectly fine

  • iglou@programming.devEnglish
    7 hours

    Eh. To be honest it indeed does not matter much. Scanning your RAM for passwords is much harder than simply reading them off the browsers files. Sure, it is encrypted and the key is not necessarily on your computer, but remember that if the software can decrypt your passwords without you inputting a password or similar, then anything with access to your device can as well.

    Don’t use your browser’s password manager.

    • badgermurphy@lemmy.worldEnglish
      9 minutes

      For real. Like why isn’t that a plugin? I feel like security best practices have advised against using the baked-in password manager in the browser for near a decade now, so any browser claiming an interest in security could score a big win by literally just removing that functionality.

      Its a disservice that they even exist st all at this point.

  • zerofk@lemmy.zipEnglish
    8 hours

    Access to browser data as described in the reported scenario would require the device to already be compromised.

    Yes you can open our safe with just a good yank but if a thief can do that they’re already in your house.

    • MonkderVierte@lemmy.zipEnglish
      5 hours

      If the thief is already in your house, he can also eat your meal and steal your furniture.

  • AbsolutelyNotAVelociraptor@piefed.socialEnglish
    9 hours

    They say not to worry because they know nobody uses that dumpster fire of a browser so there’s no actual risk of your passwords being leaked since you’re not using it anyways.

  • quantumvoid0@programming.devEnglish
    13 hours

    does this company intentionally want users to stop using it? cuz day by day either theres a new windows bug or just shittier softwares

    • CileTheSane@lemmy.caEnglish
      22 minutes

      The AI tells them this is fine, and we are not to question the AI.

    • smeenz@lemmy.nzEnglish
      6 hours

      I think it’s more than they just don’t care. Microsoft cornered the business world decades ago because they’ve got wot C-levels crave…or something. End users have no say in it.

    • Senseless@feddit.orgEnglish
      9 hours

      Not to worry, the next update will fix it. (And make 12 others things worse. Also it will make your printer stop working. Again.)