Security researcher Tom Jøran Sønstebyseter Rønning revealed that Microsoft Edge stores all saved passwords in cleartext in process memory, even when sites are not actively visited, allowing anyone with administrative privileges to extract these passwords and potentially escalate attacks within corporate environments. Microsoft considers this behavior “by design,” citing trade-offs between performance, usability, and security, but experts warn it poses significant risks, especially in shared or virtualized settings, and recommend organizations limit reliance on browsers for password storage and enforce strict access controls.
https://www.darkreading.com/cyber-risk/microsoft-edge-passwords-enterprise-risk
