Notebookcheck Logo

0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox

Following Oligo Security's report, Chrome is now blocking access to 0.0.0.0 (Finch Rollout) starting with Chromium 128. (Image source: Google)
Following Oligo Security's report, Chrome is now blocking access to 0.0.0.0 (Finch Rollout) starting with Chromium 128. (Image source: Google)
The "0.0.0.0 Day" vulnerability, discovered 18 years ago, allows malicious websites to bypass security protocols in Google Chrome, Mozilla Firefox, and Apple Safari, primarily affecting Linux and macOS devices. This flaw lets attackers remotely alter settings, access protected information, and potentially execute code on affected systems. Despite its initial disclosure in 2008, the vulnerability remains unresolved, though browser developers are now taking steps to address it. Additional security measures are recommended for developers to protect their applications.

An 18-year-old vulnerability, known as the "0.0.0.0 Day" flaw, has been disclosed to allow malicious websites to bypass security protocols in major web browsers, including Google Chrome, Mozilla Firefox, and Apple Safari. The flaw primarily affects Linux and macOS devices, giving threat actors remote access, using which they can change settings, gain unauthorized access to sensitive information, and even achieve remote code execution. Despite being initially reported in 2008, the issue is still unresolved in these browsers, though developers have acknowledged the problem and are reportedly working towards a fix.

The "0.0.0.0 Day" vulnerability arises from inconsistent security mechanisms across different browsers and the lack of standardization that permits public websites to interact with local network services using the "wildcard" IP address 0.0.0.0. By leveraging this IP address, attackers can target local services, including those used for development and internal networks. "0.0.0.0" is often interpreted as representing all IP addresses on a local machine.

Researchers at Oligo Security have observed multiple threat actors exploiting this flaw. Campaigns such as ShadowRay and Selenium attacks are actively targeting AI workloads and Selenium Grid servers. In response, web browser developers are starting to implement measures to block access to 0.0.0.0, with Google Chrome, Mozilla Firefox, and Apple Safari all planning updates to address the issue.

Until these fixes are fully implemented, Oligo recommends that developers adopt additional security measures, such as using PNA (Private Network Access) headers, verifying HOST headers, and employing HTTPS and CSRF (Cross-Site Request Forgery) tokens, to protect their applications.

The figure illustrates the rise of public websites which may be communicating with 0.0.0.0. The number is almost over 100,000. (Image source: Oligo Security)
The figure illustrates the rise of public websites which may be communicating with 0.0.0.0. The number is almost over 100,000. (Image source: Oligo Security)
Read all 4 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2024 08 > 0.0.0.0 Day exploit reveals 18-year-old security flaw in Chrome, Safari, and Firefox
Anubhav Sharma, 2024-08- 8 (Update: 2024-08- 9)