SquareX Researchers Reaffirm Browser Security Thought Leadership with Multiple Vulnerability Disclosures
Set to Reveal Critical Architectural Vulnerabilities in Passkey Authentication Systems, Enterprise DLP, and Browser Extensions

SquareX, the leading browser security company, will be disclosing multiple key research findings at Black Hat USA and DEF CON 2025 this August. Through multiple talks, the researchers will be revealing critical architectural vulnerabilities in passkey authentication systems, enterprise DLP, and browser extensions.
At Black Hat USA, SquareX Founder Vivek Ramachandran will present “Browser-Native Security in a Browser First World.” The talk addresses how enterprises defend against browser-based threats when employees now spend 80% of their device time in browsers. Vivek will reveal the latest TTPs attackers are using to bypass existing security technologies like SASE, EDR, and endpoint DLP.
At the DEF CON 33 mainstage, Shourya Pratap Singh, Jonathan Lin and Daniel Seetoh will reveal a new technique for subverting passkey authentication in the talk “Passkeys Pwned: Turning WebAuthn Against Itself.” Over the past three years, passkeys have gained widespread adoption among major vendors like Apple, Google, and Microsoft, aiming to replace passwords with a more secure authentication method. Despite passkeys being positioned as the future of secure authentication, SquareX research demonstrates that passkeys remain vulnerable to sophisticated attacks.
At Recon Village, Nishant Sharma and Shourya Pratap Singh will present “Plug and Prey: Scanning and Scoring Browser Extensions,” introducing ExtHuntr, an open-source tool that scans for installed browser extensions, analyzes their permissions and behavior, generates risk scores, and gives defenders the visibility they need.
SquareX’s Head of Security Research Nishant Sharma will also conduct a two-hour workshop titled “Serverless but Not Defenseless: A Security Deep Dive into Cloud Run” at Cloud Village, equipping attendees with a practical guide to securely deploy and manage services on Cloud Run using DevSecOps principles and more.
SquareX to Announce Pioneering Research
Also at Black Hat USA, SquareX’s Audrey Adeline will participate in “The Trailblazer’s Guide to Cybersecurity,” discussing the experiences of first-generation technology professionals in cybersecurity and sharing more about the official launch of The Browser Security Field Manual, a book written in collaboration with top Fortune 500 and leading tech company CISOs on the latest techniques attackers are using to target employees in the browser.
“Over the past year, we have been releasing bleeding edge research on architectural browser vulnerabilities as part of the Year of Browser Bugs project. We believe that deeply understanding the attacker mindset is the only way to defend against the newest threat vectors, and we believe that it is critical to share these findings at industry leading conferences like Black Hat and DEF CON,” said Vivek Ramachandran, Founder of SquareX. “This year’s research demonstrates critical gaps that traditional security solutions simply cannot address—everything from passkey to browser extension vulnerabilities. We will also be sharing multiple open source browser-native security tools that enterprises need to plug the browser security gap.”