I confirmed this Edge behavior.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 23:02:18 GMT

spacelifeform@infosec.exchange — Tue, 05 May 2026 23:02:18 GMT

@mttaggart

A good reason to not submit crash reports.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 22:53:15 GMT

stiiin@infosec.space — Tue, 05 May 2026 22:53:15 GMT

@InfosecStuC It's a dump of the memory of the browser process, not a password vault.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 22:06:42 GMT

infosecstuc@infosec.exchange — Tue, 05 May 2026 22:06:42 GMT

@mttaggart 1995 called, it wants its cleartext browser password file back. I thought edge was based on Chrome? Obviously with the secure bits taken out....sheesh.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 20:24:09 GMT

winterknight1337@infosec.exchange — Tue, 05 May 2026 20:24:09 GMT

@mttaggart well, that’ll be helpful. This is dumb.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 20:08:25 GMT

mttaggart@infosec.exchange — Tue, 05 May 2026 20:08:25 GMT

@leon_p_smith As I understand it, that's not exactly how Chrome does it anymore though. The keying material is not stored in the same process as the encrypted passwords. The process containing the key is owned by SYSTEM, even for user-launched browsers. Please keep me honest about that if I'm misremembering.

It is a limitation that this requires memory dumping, meaning an admin token. Nevertheless, the ease of capturing browser credentials without locating the key is meaningful for attackers.

Reply to I confirmed this Edge behavior. on Tue, 05 May 2026 20:03:36 GMT

leon_p_smith@ioc.exchange — Tue, 05 May 2026 20:03:36 GMT

@mttaggart Unless you are unlocking your password manager every time you want to use a password, or you have a dongle-assisted password manager, at least in theory there's not much difference between storing passwords in cleartext in memory or storing encrypted passwords with the unlock key in memory.

Admittedly keeping passwords encrypted with the key in memory does make confirmation much harder, and exploitation a teensy bit harder, but an highly skilled attacker with access to your password manager's working memory shouldn't find much difference.

Virtual memory does throw a monkey wrench into this analysis, though. Virtual memory is one reason I am very interested in dongle-assisted password managers.