SquareX Launches “Year of Browser Bugs” (YOBB) to Expose Critical Security Blind Spots

March 18, 2025 By CyberNewswire

Palo Alto, USA, March 18th, 2025, CyberNewsWire

Groundbreaking initiative reveals browser vulnerabilities in understudied yet critical attack surface

SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced the launch of the “Year of Browser Bugs” (YOBB) project today, a year-long initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors – the browser.

The browser has evolved from a simple web rendering engine to be the new “endpoint” — the primary gateway through which users interact with the Internet, for work, leisure, and transactions. Yet, traditional security solutions continue to focus on endpoints and networks despite the exponential growth of browser-native attacks.

The YOBB project was inspired by Month of Bugs (MOB), an iconic cybersecurity initiative where security researchers would publish one major vulnerability found in major software providers every day of the month. MOB projects played a huge role in increasing the seriousness with which these companies treat security and responsible disclosure. Notable projects included the Month of Browser Bugs (July 2006), Month of Kernel Bugs (November 2006), and Month of Apple Bugs (January 2007). SquareX is bringing back this tradition with the YOBB to raise awareness of the cyberthreats to which the browser is vulnerable. However, unlike H. D. Moore’s original Month of Browser Bugs, which focused on software bugs in the browser itself, SquareX will be disclosing application layer attacks that can be delivered through any website, app, or cloud data storage accessed through the browser.

Throughout 2025, SquareX’s research team will disclose at least one critical web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of the browser and incumbent solutions. The research will reveal never-seen-before attack vectors that remain unknown even to the cybersecurity community. Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies. These disclosures will be wholly SquareX-researched and discovered, rather than an aggregation of existing security research. 

Under the YOBB initiative, SquareX has already made major releases since 2024 and into the first two months of 2025:

2025

  • January: SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk 
  • February: SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk 

2024

  • August: SquareX Uncovers Critical Flaw in Secure Web Gateways
  • December: Cyberhaven’s OAuth Identity Attack — Are your Extensions Affected?

Quoting Vivek Ramachandran, the Founder and CEO of SquareX, “As browsers become the new endpoint, attackers are increasingly targeting employees to break into organizations and exfiltrate data, just like the Cyberhaven incident. Unfortunately, beyond mainstream media attention, there is little done by vendors from a security perspective to prevent similar exploits from happening in the future. The YOBB is our attempt to draw attention to an attack surface that is exponentially growing. We hope that this will serve as a call to action for browser and security vendors to solve these vulnerabilities that give rise to application layer attacks that simply cannot be solved through browser patches.”

As the year progresses, security teams can expect monthly disclosures to be documented at https://sqrx.com/research.

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate and threat-hunt client-side web attacks targeting employees in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats. 

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Polymorphic Extensions, and Browser Syncjacking. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.

To learn more about SquareX’s BDR, users can contact [email protected]. For press inquiries on this disclosure on the Year of Browser Bugs, users can contact [email protected].

Contact

Head of PR
Junice Liew
SquareX
[email protected]
