Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.”
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.”
Backpedals? That is a vibecoding-level mistake that would have sat the Microsoft CEO back in front of the DOJ back in the 1990s.
Why does Bitwarden do it then?
i want to be clear whats going on here. every other password manager loads the password you are requesting (they have to)… edge, on startup, loaded every single password in memory to be accessed. every… single… one.
bitwarden does not do that.
I think the only difference is the “on start up” piece. Bitwarden doesn’t load unencrypted contents in to memory on startup, but the moment you unlock your vault, all of its contents are dumped into memory in plaintext. It’s not like it decrypts one password at a time on request. When your vault is unlocked, everything is decrypted. When your vault is relocked, it’s supposed to purge the unencrypted contents from memory.
A Bitwarden moderator explains this in a forum post:
https://community.bitwarden.com/t/what-informations-can-be-extracted-from-a-memory-dump-when-client-is-unlocked/53188/2