Privacy technologies
fromZDNET
3 hours agoWhy Edge stores your passwords in plaintext, according to Microsoft
Microsoft Edge stores passwords in plaintext in RAM when used as a password manager.
Gene Moody, field CTO at Action1, explained that, in this vulnerability, a browser frees an object, but later continues to use the stale reference memory location. Any attacker who can shape heap layout with controlled content can potentially replace the contents of that freed memory with data they control. Because this lives in the renderer, and is reachable through normal page content, he said, the trigger surface is almost absolute.