Browsers keep password in memory, how serious is that?

Browsers keep password in memory, how serious is that?(ghacks.net)

1 points by amirmaleki 3 years ago | 6 comments

This is a total nothingburger. If malware has enough access to steal passwords from your browser's memory, then there's no way to stop it from getting them.

beardyw 3 years ago | |

Exactly my thoughts. This becomes whack-a-mole since I must at some stage get the password in clear text what method do I use to keep them secure. Whatever it is it's just going to be obfuscation I the end.

amirmaleki 3 years ago | |

The article says that there is no need for elevation (I'm not sure it's true though)...

josephcsible 3 years ago | | |

So? Why should you need elevation to interact with your own non-elevated processes?

amirmaleki 3 years ago |

Since I'm a windows user, it's pretty concerning for me. Many [rather vague] processes need administrative permissions in order to run. Now with the fact that nearly all my passwords are saved in clear text in memory and can be accessed by other programs, it can be scary to think what others can do with the passwords which are not 2FA.

amirmaleki 3 years ago | |

>Extracting can be done from any non-elevated process that runs on the same machine

It doesn't even need elevation...!