
SquareX launches 'Year of Browser Bugs' cyber project 2025
SquareX has announced the "Year of Browser Bugs" (YOBB), a year-long project aimed at highlighting vulnerabilities within web browsers, considered to be a neglected yet critical focus area for security.
In recent years, the browser's role has expanded far beyond its original function, becoming the primary access point for online interactions.
However, security efforts have largely remained focused on traditional endpoints and networks. SquareX's YOBB initiative seeks to change this by bringing attention to the browser as a significant attack vector.
The YOBB project is inspired by past initiatives such as the Month of Bugs (MOB), where security researchers exposed vulnerabilities in major software products over the course of a month.
Past iterations include the Month of Browser Bugs in July 2006 and the Month of Kernel Bugs in November 2006. SquareX intends to follow in these footsteps, moving the focus to application layer attacks executed through web browsers rather than inherent software bugs in the browsers themselves.
Throughout 2025, SquareX plans to release at least one critical attack per month, focusing on previously undiscovered attack methods that exploit the architectural limitations of current browser systems.
This research, conducted solely by SquareX, will include video demonstrations, technical breakdowns, and mitigation techniques.
To date, SquareX has disclosed several key vulnerabilities as part of the YOBB project. In January 2025, "Browser Syncjacking" was revealed as a technique that could grant attackers complete control over a browser and potentially the device, affecting millions.
In February came the discovery of "Polymorphic Extensions", which allow infostealers to masquerade as any browser extension, including susceptible targets such as password managers.
Further back, a significant flaw in secure web gateways was uncovered in August 2024, and an OAuth identity attack involving extensions was disclosed in December 2024.
Vivek Ramachandran, Founder and CEO of SquareX, commented on the initiative saying, "As browsers become the new endpoint, attackers are increasingly targeting employees to break into organizations and exfiltrate data, just like the Cyberhaven incident."
"Unfortunately, beyond mainstream media attention, there is little done by vendors from a security perspective to prevent similar exploits from happening in the future. The YOBB is our attempt to draw attention to an attack surface that is exponentially growing. We hope that this will serve as a call to action for browser and security vendors to solve these vulnerabilities that give rise to application layer attacks that simply cannot be solved through browser patches."
SquareX's YOBB project is set to continue throughout the year, with monthly disclosures aiming to educate and encourage industry action on browser security vulnerabilities. These disclosures are expected to be documented on their website.