30% discount on Google Pixel 7a!

Chrome, Firefox, and Safari users need to beware of this security vulnerability

By
3comments
Google News Follow
Follow us on Google News
Apple Apps Google
Chrome, Firefox, and Safari users need to beware of this security vulnerability
Image credit — Pexels

In a recent report, it was revealed that users of Google Chrome, Mozilla Firefox, and Apple Safari need to be extra vigilant due to a security flaw that could give hackers access to business and home security networks. Oligo, a cybersecurity company, found a way for attackers to exploit this weakness by sending harmful requests to a specific IP address (0.0.0.0) to get into the internal network.

This problem, known as the 0.0.0.0-day exploit, affects Chrome, Firefox, and Safari, but only on macOS and Linux computers. Windows computers are not at risk. The browser companies know about the issue and are working on fixing it, but macOS and Linux users are still vulnerable for now.

How the vulnerability works

The exploit uses an old method that's been around for 18 years. Even though security has improved, this method is still a vulnerability. Oligo's blog post explains how they found this issue, and specifically mention an old bug report for Firefox where a user said public websites attacked their router on the internal network.

Since then, people have tried to stop public websites from accessing private networks. Google created the Private Network Access (PNA) specification to protect users from attacks on routers and other private network devices. PNA restricts public websites from sending requests to private local IP addresses like 127.0.0.1 or 192.168.1.1. However, Oligo found out that the IP address 0.0.0.0 is not on the list of protected private or local addresses.

Oligo used 0.0.0.0 to perform the ShadowRay attack, which targets a weakness in the Ray AI framework. This proved that browsers like Safari, Firefox, Chrome, and other Chromium browsers have a serious security issue that still needs to be fixed. The good news is that Windows users are not affected by this vulnerability, as it only affects macOS and Linux software.

Efforts to mitigate the issue

Oligo notified the affected browser security teams about the 0.0.0.0-day exploit back in April. Since then, the major browser companies acknowledged the problem, and most are working on fixing it. Chrome is gradually blocking access to 0.0.0.0 for all Chrome and Chromium users, starting with Chrome 128 and finishing by Chrome 133.

Apple has changed WebKit to block access to 0.0.0.0 for Safari users. These changes will be in Safari 18, currently available in the beta version of macOS Sequoia. Older macOS versions will also get the Safari 18 update to fix the 0.0.0.0-day issue.

However, Firefox users might have to wait a bit longer for a fix. Mozilla said that blocking 0.0.0.0 could cause issues for servers using that address, so they haven't blocked it yet but do plan to block it in the future.

What You Can Do

If you use Chrome or Safari, keep your browser updated to ensure you have the latest security patches. Firefox users may need to wait a bit longer for a fix. In the meantime, be cautious about clicking on suspicious links or downloading attachments from unknown sources. These are common ways that attackers try to exploit vulnerabilities.

https://m-cdn.phonearena.com/images/users/326-200/johanna.jpg
Johanna Romero
Johanna 'Jojo the Techie' is a skilled mobile technology expert with over 15 years of hands-on experience, specializing in the Google ecosystem and Pixel devices. Known for her user-friendly approach, she leverages her vast tech support background to provide accessible and insightful coverage on latest technology trends. As a recognized thought leader and official member of #TeamPixel, Johanna ensures she stays at the forefront of Google services and products, making her a reliable source for all things Pixel and ChromeOS.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile accidentally reveals upcoming iPhone 16 On Us promo
T-Mobile accidentally reveals upcoming iPhone 16 On Us promo
T-Mobile's hot new promo will save you a fortune in the long run with little to no effort
T-Mobile's hot new promo will save you a fortune in the long run with little to no effort
Apple Store seemingly makes iPhone 16 release date official before Tim Cook
Apple Store seemingly makes iPhone 16 release date official before Tim Cook
The Pixel 7 256GB is ready to win hearts once again after a massive discount on Amazon
The Pixel 7 256GB is ready to win hearts once again after a massive discount on Amazon
Leaked photos bring T-Mobile's next big freebie to light
Leaked photos bring T-Mobile's next big freebie to light
The Pixel 7 Pro is 54% off on Amazon and sells like hot cakes
The Pixel 7 Pro is 54% off on Amazon and sells like hot cakes

Latest News

OnePlus 13 launch confirmed for next month after company president reveals "flagship" release date
OnePlus 13 launch confirmed for next month after company president reveals "flagship" release date
'Confirmed' Galaxy S25 Ultra camera specs reportedly include just one big upgrade
'Confirmed' Galaxy S25 Ultra camera specs reportedly include just one big upgrade
Apple may launch new AirPods Max 2 today alongside the low-end AirPods 4
Apple may launch new AirPods Max 2 today alongside the low-end AirPods 4
The affordable Pixel 7a becomes a hot seller with this massive Amazon discount
The affordable Pixel 7a becomes a hot seller with this massive Amazon discount
This Garmin Epix Gen 2 model is now $301 cheaper and a fantastic bargain on Amazon
This Garmin Epix Gen 2 model is now $301 cheaper and a fantastic bargain on Amazon
No Apple Watch Ultra 3 tipped for announcement today, but it's not all bad news for rugged watch fans
No Apple Watch Ultra 3 tipped for announcement today, but it's not all bad news for rugged watch fans
FCC OKs Cingular\'s purchase of AT&T Wireless