[maxloh]

This logic is perfectly aligned with the Chromium threat model. Once an attacker gains administrator access, it is game over by definition.

I doubt this is an Edge-specific issue. Microsoft has no interest in making their browser less secure than its upstream.

> Why aren‘t physically-local attacks in Chrome’s threat model?

> We consider these attacks outside Chrome's threat model, because there is no way for Chrome (or any application) to defend against a malicious user who has managed to log into your device as you, or who can run software with the privileges of your operating system user account. Such an attacker can modify executables and DLLs, change environment variables like PATH, change configuration files, read any data your user account owns, email it to themselves, and so on. Such an attacker has total control over your device, and nothing Chrome can do would provide a serious guarantee of defense. This problem is not special to Chrome ­— all applications must trust the physically-local user.

https://chromium.googlesource.com/chromium/src/+/148.0.7778....

[formerly_proven]

It's a very standard defense-in-depth technique to put secrets between guard pages and only make the secret page readable when needed. That way any inadvertent access, be it programming error or exploit, simply causes a segfault, unless it's raced with a valid access (in a multithreaded or shm context) or the exploit explicitly changed the permission bits. Most memory disclosure vulnerabilities don't allow you to do that.

That being said any single password, when used, passes through so many layers and components that it's likely impossible to even just wipe the contaminated memory locations. But that's fine, the password database is opened for most of the browser's lifetime, any given password actively being used is a rare event in comparison.

[BobbyTables2]

Wouldn’t a guard page be readable in Linux with /proc/self/mem ? (at least read only pages are writable with it)

[widelyusygas]

> It's a very standard defense-in-depth technique

Is there any software we’d be aware of which uses this technique

[slurmz]

Windows and OpenSSL both do this

[yellowapple]

> I doubt this is an Edge-specific issue.

It absolutely ain't Edge-specific. Firefox (AFAICT) also keeps stored passwords in clear-text unless encrypted with a passphrase (which is not the default on desktop; on Android there's a fingerprint/PIN check to access them, but I don't know offhand if there's any encryption involved with that).

Really this is true of most credentials stored within applications; unless you're providing a decryption key on open (whether explicitly or on OS-level login using some keychain mechanism), the stored credentials are probably plaintext.

[cromka]

Or unless you need to reenter password/offer fingerprint after certain amount of time. Which, I think, should be the actual standard, and typically is with the apps like Bitwarden.

[sandworm101]

>> Microsoft has no interest in making their browser less secure than its upstream.

Microsoft has every interest in spending as little money as possible on edge, just enough to keep people swalling the tripe. User privacy is not a thing at MS and hasnt been for decades. Plaintext passwords in a MS product is just another monday. It will take decades more to convince me they have changed.

[stackghost]

Look, Ihate Microsoft too but Edge is just Chrome with a different skin, so they'd have to have gone out of their way (and spent money paying engineers) to make Edge less secure than Chrome/ium.

[wolvoleo]

The whole point of them using chromium shows how little they care.

The old edge wasn't used much no but that wasn't due to its engine. Most people don't even know what a browser engine is.

They just didn't want to bother making a browser. But they want to benefit from the marketing advantages of having a browser so now they just lift along with chrome.

[thewebguyd]

> shows how little they care.

I think they do care, but they care about relevance, not browser monoculture. Doesn't matter how good Trident was, no one was ever going to use it. Even Firefox is barely hanging on, and the only reason Safari is still somewhat relevant is because it's the only choice on iOS.

And my relevance I mean their bread and butter, enterprise, not consumers. Edge is what lets MS give enterprise IT departments maximum control without the grumbling of "we'd rather have Chrome" from the end users.

[wolvoleo]

Well that's the thing. I don't think anybody didn't use Edge because it was a different engine. The majority of users have no idea that edge is just chrome now.

It's just when they moved to chromium they also stepped up the marketing around it and all the lock-in in Windows and that's really what got people to use it. Basically the same thing they did to make IE a monopoly.

They also really heavily pushed companies to start using it. Every time we had a call with a MS consultant and we shared a screen they had to bitch about us not using edge, as if they were on commission or something. Eventually they manipulated our leadership into mandating edge to all employees. It's totally locked down now too, it's terrible for the users.

But my point is, they could have done this with the trident version of edge too. I've never heard anyone complain about compatibility. Whenever people didn't want to use edge it was because of a (totally justified) distrust of Microsoft. We should never give control over the internet to them again after what they did with IE (making it a monopoly through illegal means and then leaving it to wither away full of security holes). But unfortunately at work they have got them to remove all other browsers :(

[NewsaHackO]

Come on, they could still get a blood sample to really verify that its the user