Critical Security Vulnerabilities Found in Popular Browsers

TapTechNews, August 9: The cybersecurity company Oligo Security has warned of security vulnerabilities in the Chrome, Firefox and Safari browsers that allow hackers to break into the local network.

0.0.0.0 Day Vulnerability

The team named this vulnerability 0.0.0.0 Day; it can be traced back 18 years. Hackers use the seemingly harmless IP address 0.0.0.0 to attack local services (including services for development, operating systems and even internal networks).

The team said this vulnerability exposes a fundamental flaw in how browsers handle network requests and may allow malicious actors to access sensitive services running on local devices.

The bug can be traced back to 2006: Mozilla Corporation lists the related issue on its bug tracker, and the Chromium bug tracker dates it to 2008. Both bugs are currently still shown as Open and have not been fixed.


All Mainstream Browsers Affected

The company said that all mainstream browsers, including Chromium, Firefox and Safari, have this logic vulnerability.

On macOS and Linux distributions, attackers can use this vulnerability to let public websites (such as those ending in .com) access local network (localhost) services and, by using the address 0.0.0.0 instead of localhost/127.0.0.1, may execute arbitrary code on the visitor's host.

TapTechNews learned from the report that Windows versions are not affected.
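
A local service can refuse requests that arrive under the 0.0.0.0 name, whatever the browser allows. The sketch below is an added example, not code from Oligo Security or any browser vendor; the port, host names and origin allowlist are assumed values for a hypothetical local service.

```python
# Assumed values for a hypothetical local service; none come from the article.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
ALLOWED_PORT = 8080
ALLOWED_ORIGINS = {"http://localhost:8080", "http://127.0.0.1:8080"}


def split_host_header(value):
    """Return (host, port) from a Host header, or None if it is malformed."""
    value = value.strip().lower()
    if not value or any(c in value for c in " /@\\?#"):
        return None
    if value.startswith("["):  # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest == "":
        return host, 80  # no port given: HTTP default
    if len(rest) > 6 or not rest.startswith(":") or not rest[1:].isdecimal():
        return None
    return host, int(rest[1:])


def is_request_allowed(host_header, origin_header=None):
    """Fail closed: accept only the expected loopback name, port and origin."""
    parsed = split_host_header(host_header or "")
    if parsed is None:
        return False
    host, port = parsed
    # A browser request to http://0.0.0.0:8080/ carries "Host: 0.0.0.0:8080",
    # so it is refused here even though the socket accepted the connection.
    if host not in ALLOWED_HOSTS or port != ALLOWED_PORT:
        return False
    # Browsers send Origin on CORS requests and on POSTs; if present it must match.
    if origin_header is not None and origin_header.lower() not in ALLOWED_ORIGINS:
        return False
    return True


# Constructed sample requests as (Host header, Origin header) pairs.
SAMPLES = [
    ("localhost:8080", None),
    ("0.0.0.0:8080", "https://public-site.example"),
    ("localhost:8080", "https://public-site.example"),
]
RESULTS = [is_request_allowed(h, o) for h, o in SAMPLES]  # [True, False, False]
```

Calling `is_request_allowed` from the service's request handler before any routing keeps the check in one place; binding the listener to 127.0.0.1 rather than all interfaces is a separate setting this sketch does not cover.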

Evidence of Hacker Attacks Already Exists

Experts urge that this vulnerability be addressed, and there is already evidence that hackers have launched attacks using it.

According to Chromium's usage counters, the proportion of websites communicating with 0.0.0.0 is increasing. These webpages may be malicious and currently account for 0.015% of all websites. As of August 2024, there are 200 million websites globally, and there may be up to about 10,000 public websites that are communicating using 0.0.0.0.
