Major Vulnerability Found in Chromium-Based Browsers, Updates Advised

Hackers are increasingly targeting web browsers with malware and phishing schemes, and a recent discovery has unveiled a significant vulnerability that could grant them direct access to services on your laptop. Dubbed the ‘0.0.0.0 Day’ vulnerability, this issue affects all Chromium-based browsers, including Google Chrome, Firefox, Safari, and Edge. Alarmingly, this flaw has been lurking in these browsers for the past 18 years, only now coming to light.

What You Need to Know

The 0.0.0.0 Day vulnerability was identified by the Israeli app security firm Oligo and reported by The Hacker News. It involves the IP address 0.0.0.0, which is typically innocuous. However, this vulnerability allows attackers to exploit it to gain access and control over local services on your computer. According to Oligo Security researcher Avi Lumelsky, the vulnerability “exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices.”

Research indicates that websites with “.com” domains can communicate with services on a local network and execute unauthorized code using the 0.0.0.0 address. This vulnerability also enables attackers to circumvent Private Network Access (PNA), which is designed to prevent public websites from directly accessing private network endpoints. In essence, this flaw could allow malicious entities to infiltrate your local services and perform unauthorized actions on your device. The vulnerability impacts browsers on macOS and Linux, while Windows users are somewhat shielded, as Microsoft blocks this IP address at the operating system level.

Is a Fix Coming?

In response to this vulnerability, Chrome has begun blocking access to the IP address 0.0.0.0 starting with Chromium version 128, with a complete rollout expected by version 133. Meanwhile, Apple has already implemented updates to WebKit, the browser engine for Safari, to block this IP address. Mozilla has also taken steps to block it in Firefox. To mitigate risks, users are advised to keep their browsers updated.

Steps to Update Your Browser

Maintaining an updated browser is crucial for protecting against security vulnerabilities. Here are the steps for updating various browsers:

How to Update Chrome

1. Open Google Chrome on your computer.
2. Click on the three dots in the top-right corner.
3. Select Help.
4. Click About Chrome.
5. Chrome will automatically check for updates. If an update is available, it will download and install it.
6. Click Relaunch to complete the update process.

For mobile devices, you can update Chrome via the Google Play Store (Android) or App Store (iOS) by searching for Chrome and tapping Update if available.

How to Update Microsoft Edge

1. Open Microsoft Edge.
2. Click on the three dots in the top-right corner.
3. Select Help and feedback.
4. Click About Microsoft Edge.
5. Edge will automatically check for updates and install them if available.
6. Click Restart to apply any updates.

For mobile devices, updates can be done through the respective app stores (Google Play Store for Android and App Store for iOS) by searching for Edge and tapping Update if available.

How to Update Safari

1. On a Mac, open the Apple menu.
2. Select System Settings.
3. Tap General.
4. Click Software Update.
5. If an update for Safari is available, click Update Now.
6. Follow the prompts to complete the installation.

The discovery of the 0.0.0.0 Day vulnerability underscores the importance of keeping software up-to-date to protect against emerging threats. By following these steps, users can safeguard their devices from potential exploits targeting this newly uncovered flaw.