Microsoft Edge's password manager has a critical security flaw, according to a cybersecurity researcher. The issue lies in how Edge stores passwords in plaintext memory, even when not in use, which could allow attackers to access sensitive data if they gain administrative access to a terminal server. This behavior is unique to Edge among Chromium-based browsers, with Google Chrome implementing a more secure design. Microsoft's response to the researcher's findings was that this behavior is 'by design', but security experts argue that passwords should only be decrypted at the time of use and deleted shortly after. This incident highlights the importance of user vigilance and the need for continuous security updates to protect against emerging threats.
