Critical "0.0.0.0-Day" Vulnerability Affects Major Browsers on macOS and Linux

BigGo Editorial Team

A recently discovered security vulnerability dubbed the 0.0.0.0-day exploit has been found to affect Google Chrome, Mozilla Firefox, and Apple Safari browsers on macOS and Linux systems. The flaw, which has potentially existed for 18 years, could allow malicious websites to access internal networks and devices.

The Vulnerability Explained

Cybersecurity firm Oligo uncovered the exploit, which takes advantage of how browsers handle requests to the IP address 0.0.0.0. This address is not included in the list of protected private or local addresses, allowing attackers to bypass security measures like Google's Private Network Access (PNA) specification.

Key points about the vulnerability:

  • Affects Chrome, Firefox, and Safari on macOS and Linux
  • Windows systems are not vulnerable due to system-level blocking of 0.0.0.0
  • Potentially exploitable since 2006
  • Allows public websites to communicate with services on local networks
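
The gap described above can be modelled as an address-space lookup. The following is an added example, not code from Oligo, the article, or any browser; the IPv4 range table is a simplified assumption modelled on Private Network Access, and the function names are hypothetical. It shows a request from a public page to 0.0.0.0 escaping the check until the address is classified as local.

```python
import ipaddress

# Simplified IPv4 address-space table modelled on Private Network Access.
# The exact ranges are an assumption of this example, not taken from the article.
PNA_SPACES = [
    ("local",   ipaddress.ip_network("127.0.0.0/8")),     # loopback
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
    ("private", ipaddress.ip_network("169.254.0.0/16")),  # link-local
]
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
RANK = {"public": 0, "private": 1, "local": 2}


def address_space(ip, treat_unspecified_as_local):
    """Classify an IPv4 address as 'public', 'private' or 'local'."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if treat_unspecified_as_local and addr == UNSPECIFIED:
        return "local"
    for space, net in PNA_SPACES:
        if addr in net:
            return space
    return "public"  # anything not listed falls through, including 0.0.0.0


def is_gated(initiator_ip, target_ip, patched):
    """True when the target is in a more private space than the initiator,
    i.e. the request is one a PNA-style check would apply to."""
    src = address_space(initiator_ip, patched)
    dst = address_space(target_ip, patched)
    return RANK[dst] > RANK[src]


def audit(initiator_ip, targets):
    """Return (target, gated_with_original_list, gated_with_fix) per target."""
    return [(t, is_gated(initiator_ip, t, False), is_gated(initiator_ip, t, True))
            for t in targets]


if __name__ == "__main__":
    # Constructed sample: a page served from a public (documentation-range) address.
    sample_targets = ["127.0.0.1", "192.168.1.1", "0.0.0.0", "198.51.100.7"]
    for target, before, after in audit("203.0.113.10", sample_targets):
        print(f"{target:<14} gated before fix: {before!s:<5} after fix: {after}")
```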

Impact and Scope

While the percentage of websites potentially exploiting this vulnerability is relatively small (0.015% according to Chromium counters), the sheer number of active websites means up to 100,000 could be affected. The true number of malicious actors leveraging this exploit remains unknown.

Browser Vendors Respond

Major browser developers are taking steps to address the vulnerability:

  • Google Chrome: Gradually blocking access to 0.0.0.0 from Chrome 128 to 133
  • Apple Safari: Blocked in WebKit, with fixes coming in Safari 18 (currently in beta)
  • Mozilla Firefox: Plans to block 0.0.0.0 in the future, but no immediate fix due to potential server issues

What Users Should Do

  1. Keep browsers updated to ensure you have the latest security patches
  2. Be cautious when clicking links or downloading attachments from unknown sources
  3. macOS and Linux users should be especially vigilant until all browser patches are fully implemented

This incident serves as a reminder that even long-standing and widely used software can harbor significant security flaws. It also highlights the importance of ongoing security research and prompt action by software developers to address vulnerabilities.