Save up to $1,100 on Galaxy S24 Ultra!
Amazon Black Friday is here
The Amazon Black Friday deals are here early, enjoy the best discounts of the year now.
00 days
00 hrs
00 mins

Chrome, Firefox, and Safari users need to beware of this security vulnerability

By
3comments
Google News Follow
Follow us on Google News
Apple Apps Google
Chrome, Firefox, and Safari users need to beware of this security vulnerability
Image credit — Pexels

In a recent report, it was revealed that users of Google Chrome, Mozilla Firefox, and Apple Safari need to be extra vigilant due to a security flaw that could give hackers access to business and home security networks. Oligo, a cybersecurity company, found a way for attackers to exploit this weakness by sending harmful requests to a specific IP address (0.0.0.0) to get into the internal network.

This problem, known as the 0.0.0.0-day exploit, affects Chrome, Firefox, and Safari, but only on macOS and Linux computers. Windows computers are not at risk. The browser companies know about the issue and are working on fixing it, but macOS and Linux users are still vulnerable for now.

How the vulnerability works

The exploit uses an old method that's been around for 18 years. Even though security has improved, this method is still a vulnerability. Oligo's blog post explains how they found this issue, and specifically mention an old bug report for Firefox where a user said public websites attacked their router on the internal network.

Since then, people have tried to stop public websites from accessing private networks. Google created the Private Network Access (PNA) specification to protect users from attacks on routers and other private network devices. PNA restricts public websites from sending requests to private local IP addresses like 127.0.0.1 or 192.168.1.1. However, Oligo found out that the IP address 0.0.0.0 is not on the list of protected private or local addresses.

Oligo used 0.0.0.0 to perform the ShadowRay attack, which targets a weakness in the Ray AI framework. This proved that browsers like Safari, Firefox, Chrome, and other Chromium browsers have a serious security issue that still needs to be fixed. The good news is that Windows users are not affected by this vulnerability, as it only affects macOS and Linux software.

Recommended Stories

Efforts to mitigate the issue

Oligo notified the affected browser security teams about the 0.0.0.0-day exploit back in April. Since then, the major browser companies acknowledged the problem, and most are working on fixing it. Chrome is gradually blocking access to 0.0.0.0 for all Chrome and Chromium users, starting with Chrome 128 and finishing by Chrome 133.

Apple has changed WebKit to block access to 0.0.0.0 for Safari users. These changes will be in Safari 18, currently available in the beta version of macOS Sequoia. Older macOS versions will also get the Safari 18 update to fix the 0.0.0.0-day issue.

However, Firefox users might have to wait a bit longer for a fix. Mozilla said that blocking 0.0.0.0 could cause issues for servers using that address, so they haven't blocked it yet but do plan to block it in the future.

What You Can Do

If you use Chrome or Safari, keep your browser updated to ensure you have the latest security patches. Firefox users may need to wait a bit longer for a fix. In the meantime, be cautious about clicking on suspicious links or downloading attachments from unknown sources. These are common ways that attackers try to exploit vulnerabilities.

https://m-cdn.phonearena.com/images/users/326-200/johanna.jpg
Johanna Romero
Johanna 'Jojo the Techie' is a skilled mobile technology expert with over 15 years of hands-on experience, specializing in the Google ecosystem and Pixel devices. Known for her user-friendly approach, she leverages her vast tech support background to provide accessible and insightful coverage on latest technology trends. As a recognized thought leader and official member of #TeamPixel, Johanna ensures she stays at the forefront of Google services and products, making her a reliable source for all things Pixel and ChromeOS.

Recommended Stories

Loading Comments...

Popular stories

T-Mobile introduces welcome change for iPhone users
T-Mobile introduces welcome change for iPhone users
Time has come to say goodbye to T-Mobile app after 12 years
Time has come to say goodbye to T-Mobile app after 12 years
AT&T wants to shut down a network with only 52 users (UPDATE: AT&T responds)
AT&T wants to shut down a network with only 52 users (UPDATE: AT&T responds)
People are hearing voices coming from their iPhone
People are hearing voices coming from their iPhone
This better not be happening: YouTube Premium users are seeing ads
This better not be happening: YouTube Premium users are seeing ads
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to

Latest News

Amazon slashes the 512GB Galaxy S24 Ultra by $350 for Black Friday, making it a can't-miss offer
Amazon slashes the 512GB Galaxy S24 Ultra by $350 for Black Friday, making it a can't-miss offer
Surprise Amazon Black Friday deal slashes more than $250 off the cheapest Pixel 9 model
Surprise Amazon Black Friday deal slashes more than $250 off the cheapest Pixel 9 model
Sizzling hot Black Friday 2024 deal makes Apple's 2022 iPad cheaper than ever before
Sizzling hot Black Friday 2024 deal makes Apple's 2022 iPad cheaper than ever before
Oppo Find X8 Series goes global with new Hasselblad camera system, ColorOS 15
Oppo Find X8 Series goes global with new Hasselblad camera system, ColorOS 15
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
T-Mobile proves its mettle against Verizon and AT&T by doing for customers what rivals were unable to
Apple releases iPhone and iPad security updates you should install ASAP
Apple releases iPhone and iPad security updates you should install ASAP
FCC OKs Cingular\'s purchase of AT&T Wireless