2025: The Year of Browser Bugs

Over the past two decades, the browser has evolved from a simple web rendering engine into the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the rapid growth of browser-native attacks, traditional security solutions continue to focus on the endpoint and the network, leaving a gaping hole in browser security.

To tackle this issue, we are starting the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser.

The YOBB project was inspired by Month of Bugs (MOB), an iconic cybersecurity initiative in which security researchers published one major vulnerability in a major software vendor's product for every day of the month. MOB projects played a huge role in raising the seriousness with which those companies treat security and responsible disclosure.

SquareX's research team is bringing back this tradition. We will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and of incumbent security solutions. The research will reveal novel attack vectors discovered by our own research team. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.

Security Research Exposés

Browser-Native Ransomware

March 2025

As we move towards a cloud- and SaaS-centric workplace, browsers are becoming the new endpoint. The discovery of browser-native ransomware provides a glimpse of the evolution of ransomware: a variant that runs entirely within the browser, renders EDRs obsolete, and puts millions of organizations at risk.

Polymorphic Extensions

February 2025

Polymorphic extensions impersonate legitimate extensions such as password managers and crypto wallets, leading victims to believe that they are entering credentials into the real extension.

Browser Syncjacking

January 2025

Browser Syncjacking is a new attack technique where a single malicious extension can be used to completely hijack the browser, and eventually, the whole device.

OAuth Consent Grant Phishing

December 2024

SquareX was the first to sound the alarm on the OAuth-based consent grant attacks behind the Cyberhaven breach. These attacks targeted Chrome extension developers: threat actors sent phishing emails that tricked developers into granting a malicious OAuth application access to their Chrome Web Store accounts, and then used that access to push malicious updates to users of the developers' extensions.
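One check a practitioner can run against this attack pattern is to review OAuth consent grants that hand out Chrome Web Store publishing rights to any client the organisation has not vetted. The script below is an added example and is not SquareX's code or part of the research above. The scope string is Google's real Chrome Web Store API scope; the allowlist of approved client IDs, the JSON-lines event shape (loosely modelled on Google Workspace "token" audit events) and the sample events themselves are all assumptions constructed for this example.

```python
import json

# Google's OAuth scope for the Chrome Web Store API. A client granted this
# scope can upload and publish items in the consenting developer's account,
# which is exactly the capability a consent-grant phisher is after.
CHROME_WEB_STORE_SCOPE = "https://www.googleapis.com/auth/chromewebstore"

# Hypothetical allowlist of OAuth client IDs the organisation has vetted for
# publishing (for example a CI release pipeline). Assumption for this example.
APPROVED_PUBLISHER_CLIENTS = {
    "111111111111-ci-publisher.apps.googleusercontent.com",
}

# Constructed sample events in a simplified JSON-lines shape, loosely modelled
# on Workspace token audit events (one "authorize" event per consent grant).
# These are not real logs.
SAMPLE_JSONL = """\
{"actor": "dev1@example.com", "name": "authorize", "client_id": "111111111111-ci-publisher.apps.googleusercontent.com", "app_name": "Release Pipeline", "scope": ["https://www.googleapis.com/auth/chromewebstore"]}
{"actor": "dev2@example.com", "name": "authorize", "client_id": "222222222222-abc.apps.googleusercontent.com", "app_name": "Privacy Policy Extension", "scope": ["https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/userinfo.email"]}
{"actor": "dev3@example.com", "name": "authorize", "client_id": "333333333333-xyz.apps.googleusercontent.com", "app_name": "Calendar Helper", "scope": ["https://www.googleapis.com/auth/calendar.readonly"]}
{"actor": "dev2@example.com", "name": "revoke", "client_id": "222222222222-abc.apps.googleusercontent.com", "app_name": "Privacy Policy Extension", "scope": ["https://www.googleapis.com/auth/chromewebstore"]}
"""


def parse_jsonl(text):
    """Parse one JSON object per non-empty line into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def event_scopes(event):
    """Normalise the scope field: exporters emit either a list or a
    space-separated string, and either form must be handled."""
    scopes = event.get("scope", [])
    if isinstance(scopes, str):
        scopes = scopes.split()
    return set(scopes)


def risky_publisher_grants(events, approved=APPROVED_PUBLISHER_CLIENTS):
    """Return consent grants that give Chrome Web Store publishing rights to a
    client that is not on the allowlist. Revocations and grants without the
    Web Store scope are ignored."""
    findings = []
    for ev in events:
        if ev.get("name") != "authorize":
            continue
        if CHROME_WEB_STORE_SCOPE not in event_scopes(ev):
            continue
        client_id = ev.get("client_id", "")
        if client_id in approved:
            continue
        findings.append({
            "actor": ev.get("actor", ""),
            "client_id": client_id,
            "app_name": ev.get("app_name", ""),
        })
    return findings


def scan_jsonl(text, approved=APPROVED_PUBLISHER_CLIENTS):
    """Convenience wrapper: parse the log text and return the findings."""
    return risky_publisher_grants(parse_jsonl(text), approved)


if __name__ == "__main__":
    for finding in scan_jsonl(SAMPLE_JSONL):
        print("Unapproved Chrome Web Store publisher grant:",
              finding["actor"], "->", finding["app_name"],
              "(" + finding["client_id"] + ")")
```

In the constructed sample only the grant to "Privacy Policy Extension" is flagged: the CI client is allowlisted, the calendar app never asked for the Web Store scope, and the later revoke event is not a grant. Any finding this produces is a candidate for revoking the token and rotating the developer's publishing credentials.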

Sneaky Extensions: MV3 Vulnerabilities

October 2024

The SquareX team demonstrated that, despite the stricter security model of Google's Manifest V3 (MV3), malicious extensions can still bypass its controls to compromise users.

Last Mile Reassembly Attacks

August 2024

On the DEF CON 32 main stage, SquareX unveiled Last Mile Reassembly Attacks: how attackers exploit the architectural limitations of Secure Web Gateways to deliver malware to enterprise users.

SquareX finds security flaws in top email providers

April 2024

SquareX researchers showed that top email providers, including Apple, Gmail, Microsoft, and Yahoo, whose services billions of people use, failed to detect and block malicious attachments.
