Chrome, Safari and other browsers vulnerable to 0.0.0.0 Day vulnerability — what you need to know

Share

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

It’s not every day that we come across a vulnerability that’s almost two decades old but cybersecurity researchers have discovered a new zero-day flaw that impacts all major browsers.

As reported by The Hacker News, the Israeli app security firm Oligo found what it’s calling a “0.0.0.0 Day” that can be exploited by hackers to access sensitive services running on local devices. The most surprising thing about this critical vulnerability though is that it has laid dormant in popular browsers for 18 years.

The 0.0.0.0 Day impacts all of the top browsers including Google Chrome and other Chromium-based browsers like Edge, Safari and Firefox. However, it’s worth noting that it only affects devices running macOS and Linux. The reason why the best Windows laptops aren’t affected is due to the fact that Microsoft blocks this IP address at the operating system level.

This critical vulnerability can be used to weaponize harmless IP addresses like 0.0.0.0 to exploit local services to allow for unauthorized access and remote code execution by hackers that are not on the same local network.

In a report on the matter, Oligo’s security researchers explain that public websites which have domains that end in “.com” are able to communicate with services running on a local network and execute arbitrary code by using the address 0.0.0.0. The vulnerability also makes bypassing Private Network Access (PNA), which prevents public websites from directly accessing endpoints on a private network, possible.

How to stay safe from browser-based attacks 

After discovering this vulnerability back in April, Oligo quickly reached out to the companies behind all of the major browsers so that they could implement a fix.

Instead of releasing a security update, Google, Apple, Mozilla and others plan to block the IP address 0.0.0.0 going forward. With the release of Chromium 128 last month, Chrome is already blocking access to 0.0.0.0 but Google’s full fix for this issue won’t be completed for all users until Chrome 133 is released. Meanwhile, Apple has already made changes to the browser engine WebKit which is used by Safari to block access to 0.0.0.0 and Mozilla has also blocked the IP address in Firefox.

When it comes to protecting yourself from other browser-based attacks, the first and most important thing you can do is to keep your browser up to date. I know this may get annoying given how frequently Google releases new updates for Chrome but they only take a minute or so to install and all of your current tabs will be reopened once an update is complete.

Since your browser can be attacked by hackers to infect your computer with malware, you should also consider using the best antivirus software on your Windows PC and the best Mac antivirus software on your Apple computer. Both Windows and macOS ship with built-in antivirus software but paid options provide you with even greater protection along with some useful extras like a VPN or a password manager.

New vulnerabilities like the one described above are discovered and subsequently patched every day which is why you want to stay on top of updates and not let them pile up if you want to stay safe from hackers.

More from Tom's Guide

• FBI issues warning over scammers impersonating banks to steal your debit cards
• New Android malware drains your bank accounts and wipes your device
• 2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed

Network

Contract Length

Any Contract Length

12 Months Contracts

Showing 4 of 4 deals

Filters☰

SORT BYMonthly cost (low to high)Monthly cost (high to low)Product Name (A to Z)Product Name (Z to A)

Mac Premium Bundle

$39.99

View

58% off 1st yr

Norton 360 Deluxe 5D

$119.99

$49.99

/year

View

McAfee+ Premium - Unlimited Devices

$49.99

View

McAfee+ Premium - Unlimited Devices

$49.99

View