Recently, researchers uncovered a new zero-day vulnerability that is actively being exploited across major web browsers. This flaw, known as the ‘0.0.0.0 Day’ vulnerability, enables attackers to bypass security measures in web browsers and gain access to the local network.
Impact of the Zero-Day Vulnerability ‘0.0.0.0 Day’ on Chrome, Firefox, and Safari
According to a recent post from Oligo Security, the research team observed ongoing exploitation attempts targeting web browsers through the 0.0.0.0 Day vulnerability. This exploit allows unauthorized access to internal network services of targeted organizations, facilitating remote code execution attacks.
The vulnerability came to light during the investigation of malicious campaigns like ShadowRay and SeleniumGreed, which exploited vulnerabilities in AI and web app testing frameworks for code execution.
The researchers traced the root cause to a long-standing flaw in web browsers that permits access to the 0.0.0.0 IPv4 address, posing a significant threat to local networks.
Despite efforts by Google Chrome to enhance security measures through PNA, the 0.0.0.0 address remains accessible, leaving systems vulnerable to exploitation.
Attackers can exploit this vulnerability to target local networks and compromise internal systems, emphasizing the urgent need for a patch.
For detailed technical information, refer to the researchers’ post.
No Patch Available – Recommended Mitigations
The 0.0.0.0 Day vulnerability affects macOS and Linux systems but not Windows. To mitigate potential risks, developers are advised to implement measures such as PNA headers, HTTPS, HOST header verification, CSRF token applications, and restricting authorization to the localhost network.
Share your insights in the comments section.
