Watch On-Demand

Disclosed by SquareX in January 2025, Browser Syncjacking is a new attack technique where a single malicious extension can be used to completely hijack the browser, and eventually, the whole device.


Join SquareX's research team for an exclusive technical webinar on the attack. 


Why Attend?

Learn how attackers can weaponize basic extension permissions to achieve full device compromise, bypassing traditional security controls. Our team will demonstrate the complete attack chain, abusing Chrome's sync feature, and discuss implications for enterprise security.

What’s Covered

Overview of the browser security landscape

  • Introducing Browser Detection and Response (BDR)
  • The importance of threat research

Introduction to browser extensions

  • Evolution of browsers & browser extensions
  • Extensions architecture & data exposure

Deep dive into Browser Syncjacking

  • Step-by-step demonstration
  • Mitigation using Browser Detection and Response
  • The research process behind Browser Syncjacking
  • Working with browser vendors

Q&A 

Register Now

Speakers

John Carse

Field CISO, SquareX

John Carse is Field CISO at SquareX, bringing over two decades of cybersecurity expertise to the role. His journey in cybersecurity began in 2003 while working with the US Navy, leading to extensive experience across Japan, Bahrain, Hawaii and Singapore. Prior to joining SquareX, John held executive security roles at major organizations including Dyson, Rakuten, Expedia Group, and JPMorgan.


At SquareX, John combines his deep technical knowledge and business experience to help enterprises understand and defend against browser-based attacks. A seasoned technologist with multiple cloud security patents, he holds an MBA in Entrepreneurship from IE Business School and a Bachelor's in Computer and Information Science from the University of Maryland Global Campus.

Dakshitaa Babu

Security Researcher and Product Evangelist, SquareX

Dakshitaa Babu is a security researcher and product evangelist at SquareX, where she leads the security research team. A self-taught cybersecurity researcher mentored by offensive security veteran, Vivek Ramachandran, she specializes in web attacks - malicious websites, files, scripts, and extensions capable of bypassing traditional security solutions. Her research directly fuels SquareX's product innovation, ensuring it stays ahead of evolving threats. As a product evangelist, she is the principal author of SquareX's technical collateral.


Dakshitaa has contributed to bleeding-edge browser security research presented at BSides SF Adversary Village, Recon Village, and the DEF CON main stage. Her work on email security bypasses, breaking Secure Web Gateways, MV3 extension vulnerabilities and Browser Syncjacking have been covered by leading media outlets, including Forbes Exclusive, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.

Browser syncjacking can only be stopped with a browser-native solution that truly understands the runtime behaviour of each extension.
Request a demo and see how SquareX's Browser Detection and Response (BDR) solution stops malicious extensions and other client-side threats.

Find Out More

Copyright © 2025. All rights reserved.