Palo Alto, USA, March 18, 2025, CyberNewsWire
A groundbreaking initiative reveals browser vulnerabilities on an understood but critical attack surface
SquareX, a pioneer in the Browser Detection and Response (BDR) space, has announced the launch of its “Year of Browser Bugs” (YOBB) project.
Browsers have evolved from simple web rendering engines into the new “endpoint”: the main gateway through which users interact with the Internet for work, leisure and transactions. However, traditional security solutions continue to focus on endpoints and networks despite the exponential growth of browser-native attacks.
The YOBB project was inspired by the Month of Bugs (MOB), an iconic cybersecurity initiative in which security researchers disclosed one major vulnerability every month in major software providers. The MOB project played a major role in raising the seriousness with which security and responsible disclosure are treated at these companies. Notable projects include the Month of Browser Bugs (July 2006), the Month of Kernel Bugs (November 2006), and the Month of Apple Bugs (January 2007). SquareX is reviving this tradition with YOBB to raise awareness of cyber threats that target browsers. However, unlike HD Moore's original Month of Browser Bugs, which focused on software bugs in the browser itself, SquareX discloses application-layer attacks that can be delivered via any website, app, or cloud data storage accessed through the browser.
Throughout 2025, the SquareX research team will disclose at least one important web attack per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural limitations of browsers and in-house solutions. The research reveals never-before-seen attack vectors that remain unknown even within the cybersecurity community. Each disclosure includes an attack video demonstration, a technical breakdown, and mitigation strategies. These disclosures are entirely original SquareX research rather than a consolidation of existing security research.
Under the YOBB initiative, SquareX has already made major releases in the first two months of 2025, following those made since 2024.
2025
2024
“When browsers become new endpoints, employees will infiltrate and remove data. We hope that growing up, this will encourage browsers and security vendors to take action to resolve these vulnerabilities that will cause application layer attacks that cannot be resolved through browser patches.”
As the year progresses, security teams can expect monthly disclosures to be documented at https://sqrx.com/research.
About SquareX
SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate and threat-hunt client-side web attacks that target employees in real time. This includes defense against identity attacks, malicious extensions, spear phishing, browser data loss, and insider threats.
SquareX takes a research- and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple important attacks, including Last Mile Reassembly attacks, polymorphic extensions, S, and Browser SyncJacking. As part of the Year of Browser Bugs (YOBB) project, SquareX promises to continue to disclose at least one major architectural browser vulnerability each month.
For more information about SquareX’s BDR, users can contact fund@sqrx.com. For press inquiries regarding this disclosure or the Year of Browser Bugs, users can contact junice@sqrx.com.
Contact
PR Manager
Junice Liew
SquareX
junice@sqrx.com