Microsoft has reversed a design decision in its Edge browser: starting with a near-term update, Edge will no longer load your saved passwords into unprotected memory when the browser starts. Previously, Edge pre-loaded all stored passwords into RAM so they could be served instantly when you needed to log in somewhere — but this meant that any malicious program running on the same computer could scan that memory region and walk away with every password in your vault.
The upcoming change means Edge will only retrieve a password from its secure storage the moment you actually need it for a login. The improvement closes a well-known attacker technique and brings Edge more in line with how browsers like Firefox already handle stored credentials. The change is being rolled back after an earlier attempt caused some login friction; this time Microsoft is shipping it more carefully.
How to check if you’re affected
Affected versions of Microsoft Edge are any release older than the version that ships this fix — the safest step is to make sure you’re on the latest release.
- Open Edge and click the three-dot menu (⋯) in the top-right corner.
- Go to Help and feedback → About Microsoft Edge. Edge will check for updates automatically and prompt you to restart when one is ready.
- If you use Edge’s built-in password manager, this update strengthens it without any action on your part — but it’s still a good time to enable two-factor authentication on your most important accounts as a second layer of protection.