Chrome, Safari and other browsers vulnerable to 0.0.0.0 Day vulnerability — what you need to know
This critical vulnerability lay dormant for 18 years but can now be used by hackers in their attacks
It’s not every day that we come across a vulnerability that’s almost two decades old, but cybersecurity researchers have discovered a new zero-day flaw that impacts all major browsers.
As reported by The Hacker News, the Israeli app security firm Oligo found what it’s calling a “0.0.0.0 Day” that can be exploited by hackers to access sensitive services running on local devices. The most surprising thing about this critical vulnerability, though, is that it has lain dormant in popular browsers for 18 years.
The 0.0.0.0 Day impacts all of the top browsers, including Google Chrome and other Chromium-based browsers like Edge, as well as Safari and Firefox. However, it’s worth noting that it only affects devices running macOS and Linux. The best Windows laptops aren’t affected because Microsoft blocks this IP address at the operating system level.
This critical vulnerability lets hackers weaponize a seemingly harmless IP address like 0.0.0.0 to exploit local services, allowing unauthorized access and remote code execution by hackers who are not on the same local network.
In a report on the matter, Oligo’s security researchers explain that public websites with domains that end in “.com” are able to communicate with services running on a local network and execute arbitrary code by using the address 0.0.0.0. The vulnerability also makes it possible to bypass Private Network Access (PNA), which prevents public websites from directly accessing endpoints on a private network.
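To see which local services fall in scope of the issue described above, the following added example (not from Oligo's report or the original article) inventories IPv4 TCP listeners on Linux by parsing the `/proc/net/tcp` table. It assumes that a connection to 0.0.0.0 on Linux is delivered to the local host, so listeners on the wildcard or loopback address are the ones worth reviewing; the sample table and the function names are constructed for illustration.

```python
import ipaddress
import os
import sys

# Constructed sample in /proc/net/tcp layout (little-endian host); not real data.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1
   1: 0100007F:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0100007F:C350 0100007F:2382 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(field, byteorder="little"):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port).

    The kernel prints the address as a host-order integer, so the byte
    order of the machine that produced the table is needed to decode it.
    """
    hex_ip, hex_port = field.split(":")
    raw = int(hex_ip, 16).to_bytes(4, byteorder)
    return ipaddress.IPv4Address(raw), int(hex_port, 16)


def exposed_listeners(table_text, byteorder="little"):
    """Return (address, port, uid) for listeners on 0.0.0.0 or loopback."""
    hits = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_LISTEN:
            continue  # malformed row, or a socket that is not listening
        addr, port = decode_endpoint(cols[1], byteorder)
        # Assumption: only wildcard and loopback listeners are in scope.
        if addr.is_unspecified or addr.is_loopback:
            hits.append((str(addr), port, int(cols[7])))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    # Use the live table on Linux, otherwise fall back to the sample.
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as fh:
            rows = exposed_listeners(fh.read(), sys.byteorder)
    else:
        rows = exposed_listeners(SAMPLE_PROC_NET_TCP)
    for addr, port, uid in rows:
        print(f"{addr}:{port} (owner uid {uid})")
```

IPv6 listeners live in `/proc/net/tcp6` and are not covered here. Any port the script reports that you do not recognize is a service to identify and, if it is unneeded or lacks authentication, to shut down.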
How to stay safe from browser-based attacks
After discovering this vulnerability back in April, Oligo quickly reached out to the companies behind all of the major browsers so that they could implement a fix.
Instead of releasing a security update, Google, Apple, Mozilla and others plan to block the IP address 0.0.0.0 going forward. With the release of Chromium 128 last month, Chrome is already blocking access to 0.0.0.0 but Google’s full fix for this issue won’t be completed for all users until Chrome 133 is released. Meanwhile, Apple has already made changes to the browser engine WebKit which is used by Safari to block access to 0.0.0.0 and Mozilla has also blocked the IP address in Firefox.
When it comes to protecting yourself from other browser-based attacks, the first and most important thing you can do is to keep your browser up to date. I know this may get annoying given how frequently Google releases new updates for Chrome but they only take a minute or so to install and all of your current tabs will be reopened once an update is complete.
Since your browser can be attacked by hackers to infect your computer with malware, you should also consider using the best antivirus software on your Windows PC and the best Mac antivirus software on your Apple computer. Both Windows and macOS ship with built-in antivirus software but paid options provide you with even greater protection along with some useful extras like a VPN or a password manager.
New vulnerabilities like the one described above are discovered and subsequently patched every day, which is why you want to stay on top of updates and not let them pile up if you want to stay safe from hackers.
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.