The Good Tech Companies - SquareX Launches "Year Of Browser Bugs" (YOBB) To Expose Critical Security Blind Spots
Episode Date: March 18, 2025
This story was originally published on HackerNoon at: https://hackernoon.com/squarex-launches-year-of-browser-bugs-yobb-to-expose-critical-security-blind-spots.
Groundbreaking initiative reveals browser vulnerabilities in understudied yet critical attack surface.
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #squarex, #cybernewswire, #press-release, #squarex-announcement, #cyber-security-awareness, #cyber-threats, #good-company, and more.
This story was written by: @cybernewswire. Learn more about this writer by checking @cybernewswire's about page, and for more stories, please visit hackernoon.com.
SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced the launch of the "Year of Browser Bugs" (YOBB) project today. The year-long initiative will draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser.
Transcript
This audio is presented by HackerNoon, where anyone can learn anything about any technology.
SquareX launches "Year of Browser Bugs" (YOBB) to expose critical security blind spots, by CyberNewsWire.
Palo Alto, USA, March 18, 2025, CyberNewsWire. SquareX, a pioneer in the Browser Detection and
Response (BDR) space, announced the launch of the
"Year of Browser Bugs" (YOBB) project today. A year-long initiative to draw attention
to the lack of security research and rigor in what remains one of the most
understudied attack vectors, the browser. The browser has evolved from a simple
web rendering engine to be the new endpoint, the primary gateway through
which users interact with the Internet, for
work, leisure, and transactions.
Yet, traditional security solutions continue to focus on endpoints and networks despite
the exponential growth of browser-native attacks.
The YOBB project was inspired by Month of Bugs (MOB), an iconic cybersecurity initiative
where security researchers would publish one major vulnerability found in major software providers every day of the month. MOB projects played a
huge role in improving the gravity at which security and responsible disclosure
are taken in these companies. Notable projects included the Month of Browser
Bugs (July 2006), Month of Kernel Bugs (November 2006), and Month of Apple Bugs
(January 2007). SquareX is bringing back this tradition
with the YOBB to raise awareness of cyber threats that the browser is vulnerable to.
However, unlike HD Moore's original Month of Browser Bugs, which focused on software
bugs in the browser itself, SquareX will be disclosing application-layer attacks that
can be delivered through any website, app, or cloud data storage accessed through the browser.
Throughout 2025, SquareX's research team will disclose at least one critical web attack
per month as part of the YOBB project, focusing on vulnerabilities that exploit architectural
limitations of the browser and incumbent solutions.
The research will reveal never-seen-before attack vectors that remain unknown even to
the cybersecurity community.
Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies.
These disclosures will be wholly SquareX researched and discovered, rather than an aggregation of existing security research.
Under the YOBB initiative, SquareX has already made major releases since 2024 and into the
first two months of 2025:
2025
January: SquareX discloses "Browser Syncjacking", a new attack technique that provides full browser and device control, putting millions at risk.
February: SquareX unveils polymorphic extensions that morph infostealers into any browser extension; password managers, wallets at risk.
2024
August: SquareX uncovers critical flaw in secure web gateways.
December: Cyberhaven's OAuth identity attack. Are your extensions affected?
Quoting Vivek Ramachandran, the founder and CEO of SquareX: "As browsers
become the new endpoint, attackers are increasingly targeting employees
to break into organizations and exfiltrate data, just like the Cyberhaven
incident.
Unfortunately, beyond mainstream media attention, there is little done by vendors
from a security perspective to prevent similar exploits from happening in the
future.
The YOBB is our attempt to draw attention to an attack surface that is
exponentially growing.
We hope that this will serve as a call to action for browser and security
vendors to solve these vulnerabilities that give rise to application-layer attacks
that simply cannot be solved through browser patches."
As the year progresses, security teams can expect monthly
disclosures to be documented at https://sqrx.com/research.
About SquareX
SquareX's industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate and threat hunt
client-side web attacks targeting employees in real time. This includes defending against identity attacks, malicious extensions, spear phishing, browser
data loss, and insider threats.
SquareX takes a research and attack-focused approach to browser security.
SquareX's dedicated research team was the first to discover and disclose multiple pivotal
attacks, including last-mile reassembly attacks, polymorphic extensions, and browser syncjacking.
As part of the "Year of Browser Bugs" (YOBB) project, SquareX commits to continue disclosing
at least one major architectural browser vulnerability every month.
To learn more about SquareX's BDR, users can contact founder@sqrx.com.
For press inquiries on this disclosure or the Year of Browser Bugs,
users can contact junus@sqrx.com.
Contact
Head of PR
Junus Liu
SquareX
junus@sqrx.com
This story was distributed as a release by CyberNewsWire under HackerNoon's business blogging program.
Learn more about the program here.
Thank you for listening to this HackerNoon story, read by Artificial Intelligence.
Visit hackernoon.com to read, write, learn and publish.