It's not every day you come across a vulnerability that is nearly 20 years old, but cybersecurity researchers have discovered a new zero-day flaw that affects all major browsers
As reported by The Hacker News, Israeli app security firm Oligo has discovered what it calls a "0000 day" that hackers can exploit to access sensitive services running on local devices The most surprising thing about this critical vulnerability is that it has lain dormant in common browsers for 18 years
"0000 Day" affects all top browsers, including Google Chrome and Chromium-based browsers such as Edge, Safari, and Firefox It is worth noting, however, that it only affects devices running macOS and Linux The reason the best Windows laptops are not affected is because Microsoft blocks this IP address at the OS level
This critical vulnerability allows unauthorized access and remote code execution by hackers who are not on the same local network, using harmless IP addresses such as 0000 as a weapon to exploit local services
In a report on this subject, Oligo security researchers explained that public websites with domains ending in "com" can communicate with services running on the local network and execute arbitrary code by using the address 0000 The website explains that it is possible to communicate with a service running on the local network and execute arbitrary code This vulnerability also allows the website to bypass Private Network Access (PNA), which prevents public websites from directly accessing endpoints on private networks
After discovering the vulnerability in April, Origo immediately contacted the companies behind all major browsers so they could implement a fix
Instead of releasing a security update, Google, Apple, Mozilla, and others plan to block 0000 IP addresses in the future With the release of Chromium 128 last month, Chrome already blocks access to 0000, but a full fix for this issue by Google will not be completed for all users until Chrome 133 is released Meanwhile, Apple has already made changes to WebKit, the browser engine used by Safari, to block access to 0000, and Mozilla also blocks this IP address in Firefox
The first and most important thing you can do to protect yourself from other browser-based attacks is to keep your browser up-to-date; this can be annoying, given Google's frequent releases of new updates to Chrome, but installing takes about a minute, and once the update is complete, all current tabs will be reopened
Browsers can be attacked by hackers who can infect your computer with malware, so you should also consider using the best anti-virus software on Windows PCs and the best Mac anti-virus software on Apple computers Both Windows and macOS have built-in antivirus software, but paid options offer even stronger protection, along with useful additional features such as VPNs and password managers
New vulnerabilities such as those mentioned above are discovered and patched on a daily basis
Comments