
Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari

05-30-2025 12:02 PM CET | IT, New Media & Software

Press release from: SquareX

PALO ALTO, Calif., May 29, 2025 - Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have increasingly used BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps. In a BitM attack, the victim is tricked into interacting with an attacker-controlled remote browser that is streamed into a pop-up window of the victim's own browser. A common variant shows the legitimate login page of an enterprise SaaS app inside that remote browser, so victims enter credentials and other sensitive information believing they are working in a regular browser window while the attacker captures everything they type.

Until now, one weakness of BitM attacks was that the parent window still showed the attacker's URL in the address bar, which made the attack less convincing to a security-aware user. As part of the Year of Browser Bugs (YOBB) project, SquareX's research team highlights a Safari-specific implementation flaw around the Fullscreen API. Combined with BitM, it yields an extremely convincing Fullscreen BitM attack: the BitM window opens in fullscreen mode, so the browser's real address bar, and with it the suspicious URL of the parent window, is no longer visible at all. Safari users are especially exposed because Safari gives no clear visual indication that a page has entered fullscreen. We disclosed the issue to Apple, which develops Safari, and were regrettably informed that there is no plan to address it.

The Fullscreen API documentation states that "the user has to interact with the page or a UI element in order for this feature to work", i.e. a user activation is required. What it does not specify is what kind of interaction qualifies: any click counts. Consequently, an attacker can wire any button in the pop-up, such as a fake login button, to call the Fullscreen API when clicked. Because fullscreen hides the browser's own address bar, the resulting BitM window can paint a fake address bar of its own and mimic a legitimate login page down to the URL the user appears to see.
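As an added illustration, not code from SquareX's research, the following JavaScript shows both halves of what the paragraph describes: the attacker's fake login button, whose click is the only "interaction" the API needs, and a monitor of the kind a browser extension content script could run, which turns the silent transition into a persistent banner naming the real top-level origin. DOM access goes through a `doc` parameter so the logic can also run and be tested outside a browser; the button id, the banner wording and the one-second click window are assumptions for illustration.

```javascript
// Added example, not SquareX's code. Part (1) is the attack primitive the text
// describes; part (2) is a defensive monitor that could run in a browser
// extension content script. `doc` is passed in so the logic also runs under Node.
const CLICK_WINDOW_MS = 1000; // assumption: fullscreen within 1 s of a click counts as click-triggered

// (1) Attacker side. The Fullscreen API only needs a user activation; a click on
// a fake "Log in" button satisfies it. The button id is an assumed placeholder.
function wireFullscreenTrigger(doc, buttonId) {
  const button = doc.getElementById(buttonId);
  button.addEventListener('click', () => {
    const root = doc.documentElement;
    // Older Safari releases expose only the webkit-prefixed method.
    const request = root.requestFullscreen || root.webkitRequestFullscreen;
    request.call(root);
    // The browser's real address bar is now hidden; the page paints its own
    // fake one with the legitimate URL above the streamed remote-browser view.
  });
}

// (2) Defender side. Pure decision function: what should the user be told when
// the fullscreen state changes? msSinceClick is null when no click preceded it.
function assessFullscreenChange({ entered, topOrigin, msSinceClick, clickText }) {
  if (!entered) {
    return { show: false, clickTriggered: false, text: '' };
  }
  const clickTriggered = msSinceClick !== null && msSinceClick <= CLICK_WINDOW_MS;
  const cause = clickTriggered ? `after you clicked "${clickText}"` : 'without a recent click';
  return {
    show: true,
    clickTriggered,
    text: `This page went fullscreen ${cause}. The real site is ${topOrigin}. Press Esc to leave fullscreen.`,
  };
}

// Installs the monitor on a document-like object. `now` is injectable for tests.
function installFullscreenMonitor(doc, topOrigin, now = () => Date.now()) {
  let lastClick = null;
  let banner = null;

  // Capture phase on the document: runs before the page's own handlers, and
  // the page cannot suppress it with stopPropagation().
  doc.addEventListener('click', (e) => {
    const target = e && e.target;
    const text = target && target.textContent ? String(target.textContent).trim() : '';
    lastClick = { at: now(), text };
  }, true);

  const onChange = () => {
    const fsElement = doc.fullscreenElement || doc.webkitFullscreenElement || null;
    const verdict = assessFullscreenChange({
      entered: fsElement !== null,
      topOrigin,
      msSinceClick: lastClick ? now() - lastClick.at : null,
      clickText: lastClick ? lastClick.text : '',
    });
    if (banner) {
      banner.remove();
      banner = null;
    }
    if (verdict.show) {
      banner = doc.createElement('div');
      banner.textContent = verdict.text;
      banner.setAttribute('style', 'position:fixed;top:0;left:0;right:0;z-index:2147483647;' +
        'background:#b00020;color:#fff;font:16px sans-serif;padding:8px;text-align:center');
      // The fullscreen element sits in the browser's top layer and covers
      // everything else, so the banner must be a descendant of it to be seen.
      fsElement.appendChild(banner);
    }
    return verdict;
  };
  doc.addEventListener('fullscreenchange', onChange);
  doc.addEventListener('webkitfullscreenchange', onChange); // Safari's prefixed event

  return { bannerText: () => (banner ? banner.textContent : null) };
}

// In a real browser, attach to the live document; under Node this is skipped.
if (typeof document !== 'undefined') {
  installFullscreenMonitor(document, location.origin);
}
```

Because a content script shares the page's DOM, the page could remove the banner again with a MutationObserver; a production monitor would re-insert it, keep it in a closed shadow root, or report the event to a backend rather than rely on the banner alone. The banner is nonetheless exactly the persistent indicator that Safari lacks and that the momentary overlay in Chromium-based browsers does not provide.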

"The Fullscreen BitM attack highlights architectural and design flaws in browser APIs, specifically the FullScreen API," say the researchers at SquareX. "Users can unknowingly click on a fake button and trigger a fullscreen BitM window, especially in Safari where there is no notification when the user enters fullscreen mode. Users that typically rely on URLs to verify the legitimacy of a site will have zero visual cues that they are on an attacker-controlled site. With how advanced BitM is becoming, it is critical for enterprises to have browser-native security measures to stop attacks that can no longer be visually identified by even the most security aware individuals."

While BitM attacks have primarily been used to steal credentials, session tokens and SaaS application data, the fullscreen variant has the potential to cause even more damage by making the attack imperceptible to most ordinary enterprise users. For instance, the landing site may present a button that claims to link to a government resource and instead opens a fake government advisory page in fullscreen, spreading misinformation and harvesting sensitive company data and personally identifiable information (PII). Because the victim is now inside the attacker-controlled remote browser, any additional tabs they open are opened there too, allowing adversaries to monitor the victim's entire browsing session.

Are other browsers vulnerable to Fullscreen BitM attacks too?
Unlike Safari, Firefox, Chrome, Edge and other Chromium-based browsers display a message whenever a page enters fullscreen mode. That notification, however, is subtle and momentary, and most employees may not notice it or register it as suspicious. An attacker can also choose dark themes and colours so that the notification blends in even more. Safari has no such message at all; the only visual sign of entering fullscreen is a brief "swipe" animation. So while the attack shows no clear visual cues in Safari, the other browsers are exposed to the same Fullscreen API weakness that makes the Fullscreen BitM attack possible.

Existing security solutions fail to detect Fullscreen BitM attacks
EDRs have no visibility into what a page renders inside the browser, and so cannot detect a BitM attack, let alone its fullscreen variant. Orchestrating the attack with a remote browser and pixel pushing (streaming rendered pixels rather than page content) also lets it evade SASE/SSE inspection: the victim's browser exchanges only images and input events with the remote browser, while the actual SaaS login traffic originates from the attacker's infrastructure, so nothing suspicious is visible in the victim's local traffic. Without rich browser telemetry, security tools therefore cannot detect or mitigate Fullscreen BitM attacks. As phishing attacks increasingly exploit architectural limitations of browser APIs that browser vendors either will not fix or will take significant time to fix, enterprises need to extend their defense strategy to advanced in-browser attacks like Fullscreen BitM.

To learn more about this security research, visit https://sqrx.com/fullscreen-bitm.

SquareX's research team is also holding a webinar on June 5th, 10am PT/1pm ET to dive deeper into the full attack chain.

SquareX Inc.
3790 El Camino Real #1164
Palo Alto, CA 94306
United States
Junice Liew
Head of PR
junice@sqrx.com

About SquareX
SquareX is a pioneering Browser Detection and Response (BDR) solution that empowers organizations to proactively detect, mitigate, and effectively threat-hunt client-side web attacks. SquareX provides critical protection against a wide range of browser security threats, including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI data loss (DLP), and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector - the browser. Find out more on www.sqrx.com.

The Fullscreen BitM Attack disclosure is part of the Year of Browser Bugs project. Every month, SquareX's research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking, Polymorphic Extensions and Browser-Native Ransomware.

To learn more about SquareX's BDR, contact us at founder@sqrx.com. For press enquiries on this disclosure or the Year of Browser Bugs, email us at junice@sqrx.com.

This release was published on openPR.
