Hello and welcome to the Wednesday, May 6, 2026 edition of the Sands Internet Storm Center's

Stormcast. My name is Johannes Ulrich, recording today from Jackson, Florida. And this episode is

brought you by the Sands.edu graduate certificate program in industrial control system security.

Well, in diaries today, we got two kind of news items from Rob. First one affects Microsoft Edge.

Microsoft Edge manages passwords like all browsers pretty much do these days, and well, it stores passwords in an

encrypted file on your system. However, once you start edge, it will load all of these

passwords into the browser's memory and decrypt them, even though you as a user have to sort

of authenticate yourself for each password individually as you use it

to refill these passwords into a website while the passwords are already decrypted in memory.

So as Raw points out, this is sort of more a little bit security theater.

So what's the threat here? Well, at first you may say, well, it's not really a big deal

because in order to gain access to the memory,

you have to be logged in as the user.

If you are having all the privileges of the user,

you can probably do things like capture keystrokes,

load browser extensions and things like this.

So you would have access to the passwords as they're being used.

But the big risk here is that attacker can get bulk access to all of your passwords,

even with timely, very limited access to your system.

The other problem, of course, is that any kind of memory leak and, well,

browser sadly are kind of known for them could be exploited in order to then gain access

to these passwords, given the exact nature of the memory leak, of course.

...