Some of the world's largest and most popular browsers are vulnerable to a flaw that allows threat actors to steal sensitive information from targeted endpoints, experts have warned.
Cybersecurity researchers at Oligo recently detailed the “0.0.0.0 day attack,” a way to abuse the way Apple’s Safari, Google’s Chrome, and Mozilla’s Firefox handle queries to the 0.0.0.0 address.
Typically, browsers redirect the user to a different IP address, such as “localhost,” which is usually a server or a private computer. However, by sending a malicious request to the target’s IP address 0.0.0.0, attackers can gain access to private data. This can be done through phishing or social engineering, where the victim can be somehow tricked into opening a malicious website.
Apple and Google are working to fix the problem
Researchers said the flaw is currently being exploited while developers work on a permanent fix.
“Developer code and internal messaging are good examples of some of the information that can be immediately accessed,” said Avi Lumelsky, AI security researcher at Oligo. Forbes“But more importantly, exploiting 0.0.0.0-day can allow an attacker to access a victim’s internal private network, opening up a wide range of attack vectors.”
The attack vector is somewhat limited, as it only affects individuals and companies that host web servers. However, this leaves a large attack surface.
There’s also evidence of abuse on the web. A Google security developer confirmed this in a Chromium forum post earlier this year, but claimed the flaw can only be exploited on Apple devices, as Microsoft blocks 0.0.0.0 on Windows — something Apple plans to do with the macOS 15 Sequoia beta.
Google will do the same with Chromium and Chrome, leaving only Mozilla, which is currently exploring its options.