This is a total nothingburger. If malware has enough access to steal passwords from your browser's memory, then there's no way to stop it from getting them.

Exactly my thoughts. This becomes whack-a-mole since I must at some stage get the password in clear text what method do I use to keep them secure. Whatever it is it's just going to be obfuscation I the end.

The article says that there is no need for elevation (I'm not sure it's true though)...

So? Why should you need elevation to interact with your own non-elevated processes?

Since I'm a windows user, it's pretty concerning for me. Many [rather vague] processes need administrative permissions in order to run. Now with the fact that nearly all my passwords are saved in clear text in memory and can be accessed by other programs, it can be scary to think what others can do with the passwords which are not 2FA.

>Extracting can be done from any non-elevated process that runs on the same machine

It doesn't even need elevation...!