
Technical Deep Dive: Fullscreen BitM
As part of the Year of Browser Bugs (YOBB) initiative, the SquareX research team recently disclosed a major implementation flaw in Safari's Fullscreen API. Attackers only require a single user click to trigger the Fullscreen API, and transition this into a Browser-in-the-Middle (BitM) attack. Curious how that works?
The user's click triggers a fullscreen BitM window that perfectly mimics a legitimate login page, including the URL displayed in the address bar — making this attack especially insidious. Although this attack applies to all browsers, Safari users are especially vulnerable because Safari shows no clear visual indicator when a page enters fullscreen.
In this technical webinar led by SquareX Security Researcher and Product Evangelist Dakshitaa Babu, you will learn the full attack chain through live demos, along with mitigation strategies and more!
Speaker
Dakshitaa Babu
Security Researcher and Product Evangelist
Dakshitaa Babu is a security researcher and product evangelist at SquareX, where she leads the security research team. A self-taught cybersecurity researcher mentored by offensive security veteran Vivek Ramachandran, she specializes in web attacks - malicious websites, files, scripts, and extensions capable of bypassing traditional security solutions. Her research directly fuels SquareX's product innovation, ensuring it stays ahead of evolving threats. As a product evangelist, she is the principal author of SquareX's technical collateral.
Dakshitaa has contributed to bleeding-edge browser security research presented at BSides SF, Adversary Village, Recon Village, and the DEF CON main stage. Her work on email security bypasses, breaking Secure Web Gateways, MV3 extension vulnerabilities and Browser Syncjacking has been covered by leading media outlets, including Forbes Exclusive, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.