Adeline said this exposure is far from theoretical, as SquareX has been detecting and protecting customers against them. “LMR allows attackers to smuggle any malicious script, site, or file — including known phishing sites and malware – that completely bypasses SWGs,” she explained. “Once it’s inside the browser, enterprises face credential theft, data exfiltration, and monitoring attacks without any oversight from their existing tools.”
SquareX researchers have extended these findings into “Data Splicing Attacks,” showing that attackers, or even insiders, can use similar techniques to exfiltrate sensitive data. Whether through copy-paste operations or peer-to-peer file sharing sites, the data sneaks past traditional data loss prevention (DLP) controls undetected.
According to Adeline, securing channels like WebRTC and gRPC is tough with traditional SASE or SSE tools, which lack browser-level visibility and often force enterprises to block them entirely. Browser-native security, she said, can protect these channels at the “last mile” in the browser by blocking malicious downloads, inspecting phishing sites or malicious scripts in real time.
