Chrome, Safari and other browsers vulnerable to 0.0.0.0 Day vulnerability — what you need to know


It’s not every day that we come across a vulnerability that’s almost two decades old but cybersecurity researchers have discovered a new zero-day flaw that impacts all major browsers.

As reported by The Hacker News, the Israeli app security firm Oligo found what it’s calling a “0.0.0.0 Day” that can be exploited by hackers to access sensitive services running on local devices. The most surprising thing about this critical vulnerability, though, is that it has lain dormant in popular browsers for 18 years.

The 0.0.0.0 Day impacts all of the top browsers, including Google Chrome and other Chromium-based browsers like Edge, as well as Safari and Firefox. However, it’s worth noting that it only affects devices running macOS and Linux. Windows laptops aren’t affected because Microsoft blocks this IP address at the operating system level.

This critical vulnerability lets hackers weaponize a seemingly harmless IP address like 0.0.0.0 to exploit local services, allowing unauthorized access and remote code execution even when the attacker is not on the same local network.

In a report on the matter, Oligo’s security researchers explain that public websites with domains that end in “.com” are able to communicate with services running on a local network and execute arbitrary code by using the address 0.0.0.0. The vulnerability also makes it possible to bypass Private Network Access (PNA), which prevents public websites from directly accessing endpoints on a private network.

How to stay safe from browser-based attacks 


After discovering this vulnerability back in April, Oligo quickly reached out to the companies behind all of the major browsers so that they could implement a fix.

Instead of releasing a security update, Google, Apple, Mozilla and others plan to block the IP address 0.0.0.0 going forward. With the release of Chromium 128 last month, Chrome is already blocking access to 0.0.0.0 but Google’s full fix for this issue won’t be completed for all users until Chrome 133 is released. Meanwhile, Apple has already made changes to the browser engine WebKit which is used by Safari to block access to 0.0.0.0 and Mozilla has also blocked the IP address in Firefox.
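To make the gap and the fix concrete, here is a simplified model of a PNA-style check: a request is refused when its target is more private than the page that sent it, and the outcome depends on how 0.0.0.0 is classified. This is an added example, not code from Oligo or any browser; the function names, the IPv4-only ranges, the "local" label for 0.0.0.0 and the sample addresses are assumptions for illustration.

```javascript
// Simplified IPv4-only model of a PNA-style check (assumption, not browser code).
// Address spaces ranked from least to most private.
const RANK = { public: 0, private: 1, local: 2 };

function parseIPv4(ip) {
  const parts = ip.split(".");
  const bad = (p) => !/^\d{1,3}$/.test(p) || Number(p) > 255;
  if (parts.length !== 4 || parts.some(bad)) throw new Error("not IPv4: " + ip);
  return parts.map(Number);
}

// Classifier with the gap: 0.0.0.0 matches no loopback or private
// range, so it falls through and is treated as a public address.
function classifyLegacy(ip) {
  const [a, b] = parseIPv4(ip);
  if (a === 127) return "local";                          // 127.0.0.0/8 loopback
  if (a === 10) return "private";                         // 10.0.0.0/8
  if (a === 172 && b >= 16 && b <= 31) return "private";  // 172.16.0.0/12
  if (a === 192 && b === 168) return "private";           // 192.168.0.0/16
  if (a === 169 && b === 254) return "private";           // 169.254.0.0/16
  return "public";
}

// Hardened classifier: 0.0.0.0 is handled like loopback, so a public
// page can no longer use it to reach a service on the same machine.
function classifyHardened(ip) {
  if (parseIPv4(ip).every((octet) => octet === 0)) return "local";
  return classifyLegacy(ip);
}

// Allowed only if the target is not more private than the initiating page.
function requestAllowed(classify, pageIp, targetIp) {
  return RANK[classify(targetIp)] <= RANK[classify(pageIp)];
}

// Constructed sample: a page served from a public (documentation-range) address.
const PAGE_IP = "203.0.113.10";
const TARGETS = ["127.0.0.1", "192.168.1.20", "0.0.0.0", "198.51.100.7"];

function demo() {
  return TARGETS.map((target) => ({
    target,
    legacy: requestAllowed(classifyLegacy, PAGE_IP, target),
    hardened: requestAllowed(classifyHardened, PAGE_IP, target),
  }));
}

console.table(demo());
```

Only the 0.0.0.0 row changes between the two columns: the legacy check lets it through as if it were a public address, while the hardened check refuses it like 127.0.0.1.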

When it comes to protecting yourself from other browser-based attacks, the first and most important thing you can do is to keep your browser up to date. I know this may get annoying given how frequently Google releases new updates for Chrome but they only take a minute or so to install and all of your current tabs will be reopened once an update is complete.

Since your browser can be attacked by hackers to infect your computer with malware, you should also consider using the best antivirus software on your Windows PC and the best Mac antivirus software on your Apple computer. Both Windows and macOS ship with built-in antivirus software but paid options provide you with even greater protection along with some useful extras like a VPN or a password manager.

New vulnerabilities like the one described above are discovered and subsequently patched every day which is why you want to stay on top of updates and not let them pile up if you want to stay safe from hackers.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
