Chrome, Firefox and Safari users need to beware of this vulnerability

A recent report revealed that Google Chrome, Mozilla Firefox and Apple Safari users need to be extra vigilant as there is a security flaw that could give hackers access to corporate and home security networks. Oligo, a cybersecurity company, has found a way for attackers to exploit this vulnerability by sending malicious requests to a specific IP address (0.0.0.0) to gain access to the internal network.

This issue, known as the 0.0.0.0-day exploit, affects Chrome, Firefox, and Safari, but only on macOS and Linux computers. Windows computers are not at risk. Browser companies are aware of the problem and are working on a solution, but macOS and Linux users are currently still at risk.

How the vulnerability works

The exploit uses an old method that has been around for 18 years. Even though security has been improved, this method still presents a vulnerability. Oligo's blog post explains how they discovered this issue, specifically mentioning an old bug report for Firefox where a user claimed public websites had attacked their router on the internal network. Since then, people have been trying to prevent public websites from accessing private networks. Google created the Private Network Access (PNA) specification to protect users from attacks on routers and other private network devices. PNA prevents public websites from sending requests to private local IP addresses such as 127.0.0.1 or 192.168.1.1. However, Oligo found that the IP address 0.0.0.0 is not on the list of protected private or local addresses. Oligo used 0.0.0.0 to conduct the ShadowRay attack, which targets a vulnerability in the Ray AI framework. This has proven that browsers like Safari, Firefox, Chrome and other Chromium browsers have a serious security issue that is yet to be fixed. The good news is that Windows users are not affected by this vulnerability as it only affects macOS and Linux software.

Efforts to contain the problem

Oligo notified affected browser security teams about the 0.0.0.0 day exploit back in April. Since then, major browser companies have acknowledged the issue and most are working to fix it. Chrome is gradually blocking access to 0.0.0.0 for all Chrome and Chromium users, starting with Chrome 128 and ending with Chrome 133.

Apple has changed WebKit to block access to 0.0.0.0 for Safari users. These changes will be included in Safari 18, which is currently available in macOS Sequoia beta. Older macOS versions will also receive the Safari 18 update to fix the 0.0.0.0 days issue.

Firefox users may have to wait a little longer for a solution, however. Mozilla stated that blocking 0.0.0.0 could cause problems for servers using that address, so the address has not been blocked yet, but plans to do so in the future.

What you can do

If you use Chrome or Safari, update your browser regularly to make sure you have the latest security patches. Firefox users may have to wait a little longer for a fix. In the meantime, be careful when clicking on suspicious links or downloading attachments from unknown sources. These are common ways attackers try to exploit vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *