
Newly discovered serious security vulnerability threatens millions of users of popular web browsers

Phan Van Hoa August 12, 2024 15:11

A serious security vulnerability has just been discovered in popular web browsers such as Chrome, Firefox and Safari, directly threatening the safety of user data.

A recent report by the Israeli cybersecurity company Oligo has sounded the alarm for millions of users of the Chrome, Firefox and Safari web browsers. The newly discovered flaw can open the door for hackers to penetrate the internal networks of both businesses and homes.

Illustration photo.

According to Oligo's research, an attacker could exploit this weakness by sending malicious requests to a special IP address (0.0.0.0) to launch an attack on the user's web browser.

Dubbed the “0.0.0.0 Day attack,” it threatens Chrome, Firefox, and Safari users on macOS and Linux. Windows computers are safe for now. Developers are rushing to patch the bug, but until the fixes arrive macOS and Linux users remain vulnerable.

How does the 0.0.0.0 Day Vulnerability work?

The vulnerability leverages an attack vector that has been known for 18 years. Although security measures have been strengthened over time, the vulnerability has not been fully patched. In a blog post, the Oligo team detailed how they discovered the weakness, citing an old Firefox bug report that shows signs of long-standing internal network attacks.

To stop public websites from reaching into internal networks, Google introduced the Private Network Access (PNA) feature, which blocks requests to private IP addresses such as 127.0.0.1 or 192.168.1.1. However, Oligo's research shows that the special IP address 0.0.0.0 is not on the restricted list, which leaves a serious gap and opens up new attack opportunities for bad actors.

Oligo has demonstrated through testing that the IP address 0.0.0.0 can be an effective attack vector when combined with security vulnerabilities in software. This proves that browsers like Safari, Firefox, Chrome, and other Chromium browsers have serious security issues that still need to be fixed. The good news is that Windows users are not affected by this vulnerability, as it only affects macOS and Linux software.
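
The gap described above can be modelled in a few lines. This is an added example, not Oligo's or any browser's code: the range lists, the `decide` function and the sample URLs are constructed for illustration, and it assumes the check is a simple match of the target IP against a restricted list.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges a PNA-style check treats as local or private. Assumed for
# illustration from the article's examples (127.0.0.1, 192.168.1.1).
RESTRICTED_BEFORE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16",
)]
# Corrected list: the unspecified address 0.0.0.0 is restricted as well.
RESTRICTED_AFTER = RESTRICTED_BEFORE + [ipaddress.ip_network("0.0.0.0/32")]


def target_is_restricted(url, restricted):
    """True if the URL's host is an IP literal inside a restricted range."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; name resolution is out of scope here
    return any(addr in net for net in restricted)


def decide(page_is_public, url, restricted):
    """Block a public page's request to a restricted target, allow the rest."""
    if page_is_public and target_is_restricted(url, restricted):
        return "block"
    return "allow"


# Constructed sample requests issued by a page loaded from the public internet.
SAMPLES = [
    "http://127.0.0.1:8080/status",
    "http://192.168.1.1/admin",
    "http://0.0.0.0:8080/status",
    "https://example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        before = decide(True, url, RESTRICTED_BEFORE)
        after = decide(True, url, RESTRICTED_AFTER)
        print(f"{url:32} before={before:5} after={after}")
```
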

What do browser developers do to minimize damage to users?

In April, Oligo reported the security vulnerability related to the IP address 0.0.0.0 to browser developers. After confirming the information, major browser developers such as the Chrome team quickly deployed fixes. Specifically, Chrome has blocked access to this IP address in versions 128 to 133.

Similarly, to protect users from the 0.0.0.0 Day attack, Apple has decided to block access to this IP address on the Safari browser. This feature will be available in Safari 18, which comes with macOS Sequoia, and will be updated for older versions of macOS, ensuring all Safari users are protected.

While other browsers like Chrome and Safari have moved quickly to fix the vulnerability, Firefox users may have to wait longer. Mozilla said blocking this IP address could impact some servers and is considering it carefully before implementing it.

What should web browser users do?

The newly discovered security vulnerability is very serious and can be exploited by bad guys to attack your system. If you are using Chrome or Safari, update your browser immediately to patch the vulnerability. Firefox users should wait patiently for the update and in the meantime, avoid clicking strange links or downloading files from unknown sources.

According to Phonearena