A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
You assume malware that comes from somewhere else and has full access to the entire system by the time it tries to attack the browser. If your default scenario is that the system has been completely compromised by arbitrarily complex malware, there’s no point in security measures at all because they’ve already failed by definition.
What about malware that runs inside the browser, e.g. after exploiting a vulnerability in the JS runtime? Peeking at the browser’s memory would be easier than breaking out of containment and obtaining control of the entire system. It would even be easier than obtaining control of the browser to a degree where you can access credentials without user intervention. Even if we assume that it’s as simple as reading the key from an easily found location and the credentials from another easily found location, that’s more work than just reading the credentials. And it becomes harder if the locations are less easily found.
Also, a defense doesn’t have to offer perfect protection in order to be worthwhile. It’s all a game of likelihoods; making an attack harder means it’s less likely to be done. Any additional step the attacker needs to take offers more protection because the attacker actually needs to take it. Microsoft actively worked to reduce the number of steps an attacker needs to take, which is worth calling out.
Defense in depth is important. Don’t insist that one single safety mechanism should protect against everything when layering them is known to be more effective.
That is one way an attacker can gain access to the browser’s memory. It’s not the only way.
Besides, administrative access does not necessarily mean that the attacker has complex attack code for every possible scenario included with whatever they’re running. The more work they have to do to access your data, the less likely it is that they’re doing that specific work.
Leaving stuff lying around in the open because an attacker potentially could have a specific countermeasure to more strict safety measures is equivalent to giving up. At that point you can just forego security at all because whatever you have might potentially have an exploit.
Files containing login credentials should be encrypted, yes. You will also find that password managers tend to relock their database after a period of time in order to limit the opportunity for an attack. That’s not the controversial action you think it is.
Besides, I find it interesting how Microsoft disabling a protection mechanism Chromium ships with has turned into a debate about the applicability of layered defense to cybersecurity in general.
If you’ve already got malware on your machine that can exploit this, how or where the passwords in your browser are exposed is entirely irrelevant.
This is just another one of these non-issue “vulnerabilities” where your computer has to already be completely cracked wide open to be exploited.
You assume malware that comes from somewhere else and has full access to the entire system by the time it tries to attack the browser. If your default scenario is that the system has been completely compromised by arbitrarily complex malware, there’s no point in security measures at all because they’ve already failed by definition.
What about malware that runs inside the browser, e.g. after exploiting a vulnerability in the JS runtime? Peeking at the browser’s memory would be easier than breaking out of containment and obtaining control of the entire system. It would even be easier than obtaining control of the browser to a degree where you can access credentials without user intervention. Even if we assume that it’s as simple as reading the key from an easily found location and the credentials from another easily found location, that’s more work than just reading the credentials. And it becomes harder if the locations are less easily found.
Also, a defense doesn’t have to offer perfect protection in order to be worthwhile. It’s all a game of likelihoods; making an attack harder means it’s less likely to be done. Any additional step the attacker needs to take offers more protection because the attacker actually needs to take it. Microsoft actively worked to reduce the number of steps an attacker needs to take, which is worth calling out.
Defense in depth is important. Don’t insist that one single safety mechanism should protect against everything when layering them is known to be more effective.
Read the article. This “vulnerability“ requires access to the machine already
That is one way an attacker can gain access to the browser’s memory. It’s not the only way.
Besides, administrative access does not necessarily mean that the attacker has complex attack code for every possible scenario included with whatever they’re running. The more work they have to do to access your data, the less likely it is that they’re doing that specific work.
Leaving stuff lying around in the open because an attacker potentially could have a specific countermeasure to more strict safety measures is equivalent to giving up. At that point you can just forego security at all because whatever you have might potentially have an exploit.
Should every single file on every computer be encrypted and require a password and 2FA to open every time? Why not?
Because if you’re logged in it’s assumed you have the right to be there and open them. Same with passwords in a browser.
Files containing login credentials should be encrypted, yes. You will also find that password managers tend to relock their database after a period of time in order to limit the opportunity for an attack. That’s not the controversial action you think it is.
Besides, I find it interesting how Microsoft disabling a protection mechanism Chromium ships with has turned into a debate about the applicability of layered defense to cybersecurity in general.