Tech News
Watch Out For The ‘0.0.0.0 Day’ Flaw Affecting Web Browsers
Researchers have recently uncovered a new vulnerability that is actively being exploited and affects all major web browsers. Known as a ‘0.0.0.0 Day’ flaw, this zero-day vulnerability allows attackers to bypass the security features of web browsers and gain access to the local network.
The Zero-Day Flaw ‘0.0.0.0 Day’ Affects Chrome, Firefox, and Safari Web Browsers
According to a recent report from Oligo Security, their research team has observed active exploitation attempts of the newly discovered 0.0.0.0 Day vulnerability that impacts web browsers. Exploiting this vulnerability enables attackers to gain unauthorized access to internal network services of a target organization and carry out remote code execution attacks.
The vulnerability came to light when researchers identified malicious campaigns like ShadowRay and SeleniumGreed targeting AI workloads and exploiting vulnerabilities in AI frameworks and web app testing frameworks for remote code execution.
Further investigation led to the discovery of a zero-day vulnerability in web browsers that allows access to the 0.0.0.0 IPv4 address, a prohibited address meant for temporary communication during DHCP handshakes.
Despite efforts by browsers like Google Chrome to enhance security features, the 0.0.0.0 IP address remains accessible, posing a threat to local networks and internal systems.
The researchers have provided technical details in their report for further analysis.
No Patch Available Yet – Researchers Recommend Mitigations
The researchers have confirmed that the 0.0.0.0 Day vulnerability does not affect Windows systems but poses a risk to macOS and Linux systems.
To mitigate potential threats until browsers address the vulnerability, developers are advised to implement measures such as PNA headers, HTTPS usage, HOST header verification, CSRF token applications, and restricting authorization to the localhost network.
Share your thoughts in the comments section below.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend