This initiative aims to highlight vulnerabilities in browser security, an area often overlooked in research.


PALO ALTO, Calif., March 18, 2025 — SquareX, a leader in Browser Detection and Response (BDR), has announced the “Year of Browser Bugs” (YOBB). This year-long project will focus on the need for greater security research into browser vulnerabilities, which are often an overlooked attack vector.

The browser has evolved into a primary interface for internet interaction, used for work, leisure, and transactions. However, traditional security measures still prioritize endpoints and networks, despite the rise in browser-based attacks.

The YOBB project takes inspiration from the “Month of Bugs” (MOB), a past cybersecurity initiative where researchers published a significant vulnerability in major software each day of the month. MOB projects significantly improved how companies approached security and responsible disclosure. Previous projects included the Month of Browser Bugs (July 2006), Month of Kernel Bugs (November 2006), and Month of Apple Bugs (January 2007). SquareX aims to revive this approach with YOBB to raise awareness of browser cyberthreats. Unlike the original Month of Browser Bugs, which focused on bugs within the browser software, SquareX will reveal application-layer attacks that can be delivered through any website, app, or cloud data storage accessed via a browser.

Throughout 2025, SquareX’s research team will disclose at least one critical web attack each month as part of the YOBB project. The focus will be on vulnerabilities that take advantage of architectural limitations of the browser and of existing security solutions. The research will uncover new attack methods previously unknown to the cybersecurity community. Each disclosure will include video demonstrations of the attacks, technical analyses, and mitigation techniques. The disclosures will be based on SquareX’s own research and discoveries, not a compilation of existing security findings.

The YOBB initiative has already seen major releases from SquareX since 2024, continuing into the first two months of 2025:

2025

  • January:  
  • February:  

2024

  • August:
  • December:

According to , Founder and CEO of SquareX, “As browsers become the primary endpoint, attackers are increasingly targeting employees to infiltrate organizations and steal data, similar to the Cyberhaven incident. Unfortunately, despite media attention, security vendors are not doing enough to prevent such exploits in the future. YOBB is our effort to highlight this growing attack surface. We hope it will encourage browser and security vendors to address these vulnerabilities that enable application-layer attacks, which cannot be resolved with simple browser patches.”

Security teams can find monthly disclosures documented at throughout the year.

About SquareX

SquareX’s Browser Detection and Response (BDR) technology helps organizations identify, mitigate, and hunt client-side web attacks targeting employees in real time. This includes protection against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats.

SquareX utilizes a research and attack-focused approach to browser security. Their research team has been the first to discover and disclose several key attacks, including Last Mile Reassembly Attacks, Polymorphic Extensions, and Browser Syncjacking. As part of the Year of Browser Bugs (YOBB) project, SquareX is committed to continuously disclosing at least one major architectural browser vulnerability each month.

To learn more about SquareX’s BDR, users can contact . For press inquiries on this disclosure on the Year of Browser Bugs, users can contact .

Contact

Head of PR

Junice Liew

SquareX

junice@sqrx.com

A photo accompanying this announcement is available at
