Passkeys are just as vulnerable to browser-side attacks as more traditional forms of authentication, per SquareX. SquareX is a cybersecurity firm known best for its BDR (“Browser Detection and Response”) enterprise security solutions, and has shown that attackers can manipulate the passkey setup and login processes through both script injection and malicious browser extensions.

Source: HotHardware