Experts warn that some of the world’s largest and most popular browsers are vulnerable to a flaw that could allow attackers to steal sensitive information from endpoints.
Cybersecurity researchers at Oligo recently discovered the “0.0.0.0-day attack” – a way to abuse the way Apple’s Safari, Google’s Chrome, and Mozilla’s Firefox handle queries to the address 0.0.0.0.
Normally, browsers would redirect the user to another IP address, such as “localhost”, which is usually a server or computer on a private computer. However, by sending a malicious request to the target’s 0.0.0.0 IP address, the attackers can obtain private information. This can be done via phishing or social engineering, where a victim is somehow tricked into opening a malicious website.
Apple and Google are working on a solution
According to the researchers, the vulnerability is currently being exploited in the wild, with developers working on a permanent fix.
“Developer code and internal messages are good examples of information that is directly accessible,” said Avi Lumelsky, an AI security researcher at Oligo. Forbes“But more importantly, exploiting 0.0.0.0-day can give the attacker access to the victim’s internal private network, opening up a wide range of attack vectors.”
The attack vector is somewhat limited, as it only affects individuals and companies hosting web servers. However, this still leaves a large attack surface.
There’s also evidence of exploitation in the wild. A Google security engineer confirmed it in a post on the Chromium forums earlier this year, but noted that the flaw can only be exploited on Apple devices since Microsoft blocks 0.0.0.0 in Windows, something Apple plans to do with the macOS 15 Sequoia beta.
Google is set to do the same with Chromium and Chrome. Only Mozilla remains, which is currently exploring its options.
