Security experts have highlighted a flaw in Google Chrome, Apple Safari, Mozilla Firefox, and several other web browsers that leaves millions of users vulnerable to hackers.
The flaw was originally discovered 18 years ago but was left unpatched. Google, Apple, and Mozilla have taken steps to fix the vulnerability in their respective browsers. Here are the details.
0.0.0.0 Day Flaw Explained
This flaw is known as 0.0.0.0 Day because it exploits this default IP address. A hacker can generate malicious HTTP requests in the user’s browser, which can get approved without authentication because the 0.0.0.0 IP address is considered non-existent or localhost.
These approved requests can provide the hacker with complete access to the user’s computer, including access to local disks, personal files, and other data. Hackers can also access the affected computer remotely and execute malicious code, programs, malware, etc., on the system.
Note that the above explanation is simplified so our readers can understand it better. The actual process executed by hackers is very complex and involves multiple HTTP exploits using JavaScript and other web development languages.
The 0.0.0.0 Day security flaw was originally reported on Bugzilla, a forum for the Firefox browser where users can report bugs and get potential fixes. This flaw affected not only Firefox but almost all web browsers. Despite being publicly known since 2006, browser companies did not patch it.
However, since the start of 2024, the exploitation of unauthorised HTTP requests on the 0.0.0.0 IP address has been rapidly increasing. Google, Apple, Mozilla, and other browser makers quickly realised what was happening and announced security patches for these flaws.
Google Chrome has released a fix for this vulnerability, starting with version 128. From the upcoming version 133, Chrome will completely block all unauthorised requests to 0.0.0.0.
Similarly, Apple has implemented stronger IP checks in its Safari browser to prevent the exploitation of this flaw. Version 18 of the browser will be rolled out to all users, and it will also be implemented system-wide in macOS Sequoia.
However, Mozilla has not yet released a complete fix. The Firefox maker has instead provided a temporary fix to this flaw. Mozilla says that a complete patch is currently on their high-priority list.
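To illustrate the kind of destination check these fixes rely on, the following added example (not code from any browser or from the original article) compares a check that only recognises the usual localhost names with one that also treats 0.0.0.0 as local. The function names, example.com, and the port numbers are assumptions made for illustration, and the IPv6 address :: is included as a generalisation beyond what the article covers.

```javascript
// Added example: a destination check of the kind a browser policy or local
// proxy could apply. All function names here are hypothetical.

// Parse a dotted-quad IPv4 string into four octets, or return null.
function parseIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// Weak check: only the names people usually think of as "this machine".
function naiveIsLocal(host) {
  return host === "localhost" || host === "127.0.0.1" || host === "::1";
}

// Stronger check: all of 127.0.0.0/8, plus the unspecified addresses
// 0.0.0.0 and ::, which macOS and Linux route to the local machine.
function hardenedIsLocal(host) {
  if (host === "localhost" || host === "::1" || host === "::") return true;
  const ip = parseIPv4(host);
  if (!ip) return false;
  return ip[0] === 127 || ip.every((o) => o === 0);
}

// A page that is itself not local must not reach a local destination.
function shouldBlock(pageUrl, targetUrl, isLocal) {
  const hostOf = (u) => new URL(u).hostname.replace(/^\[|\]$/g, "");
  return !isLocal(hostOf(pageUrl)) && isLocal(hostOf(targetUrl));
}

// Constructed sample requests: [page making the request, destination].
const SAMPLE = [
  ["https://example.com/", "http://127.0.0.1:8080/status"],
  ["https://example.com/", "http://0.0.0.0:8080/status"],
  ["https://example.com/", "http://[::]:8080/status"],
  ["http://localhost:3000/", "http://0.0.0.0:8080/status"],
  ["https://example.com/", "https://example.org/api"],
];

// Run both checks over the samples so the difference is visible per row.
function compareChecks() {
  return SAMPLE.map(([page, target]) => ({
    target,
    naive: shouldBlock(page, target, naiveIsLocal),
    hardened: shouldBlock(page, target, hardenedIsLocal),
  }));
}
console.log(compareChecks());
```

The second and third rows are the ones that differ: the weak check lets the request through, while the stronger check blocks it.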
If you use any web browser, such as Chrome, Safari, or Firefox, you must update to the latest version immediately. However, other than updating your browser, there’s not much a general user can do to stay safe from this vulnerability.
It is important to note that, according to reports on Bugzilla and other forums, this security flaw only affects macOS and Linux operating systems. Windows appears to be unaffected by this issue. However, Windows users are still advised to update their OS and web browsers to the latest versions.
The post 18-Year Old Security Flaw Leaves Google Chrome, Safari and Firefox Browser Vulnerable to Hackers appeared first on MySmartPrice.