Watch Out For The ‘0.0.0.0 Day’ Flaw Affecting Web Browsers

Researchers have recently uncovered a new vulnerability that is actively being exploited and affects all major web browsers. Known as a ‘0.0.0.0 Day’ flaw, this zero-day vulnerability allows attackers to bypass the security features of web browsers and gain access to the local network.

The Zero-Day Flaw ‘0.0.0.0 Day’ Affects Chrome, Firefox, and Safari Web Browsers

According to a recent report from Oligo Security, their research team has observed active exploitation attempts of the newly discovered 0.0.0.0 Day vulnerability that impacts web browsers. Exploiting this vulnerability enables attackers to gain unauthorized access to internal network services of a target organization and carry out remote code execution attacks.

The vulnerability came to light when researchers identified malicious campaigns like ShadowRay and SeleniumGreed targeting AI workloads and exploiting vulnerabilities in AI frameworks and web app testing frameworks for remote code execution.

Further investigation led to the discovery of a zero-day vulnerability in web browsers that allows access to the 0.0.0.0 IPv4 address, a prohibited address meant for temporary communication during DHCP handshakes.

Despite efforts by browsers like Google Chrome to enhance security features, the 0.0.0.0 IP address remains accessible, posing a threat to local networks and internal systems.

The researchers have provided technical details in their report for further analysis.

No Patch Available Yet – Researchers Recommend Mitigations

The researchers have confirmed that the 0.0.0.0 Day vulnerability does not affect Windows systems but poses a risk to macOS and Linux systems.

To mitigate potential threats until browsers address the vulnerability, developers are advised to implement measures such as PNA headers, HTTPS usage, HOST header verification, CSRF token applications, and restricting authorization to the localhost network.

Share your thoughts in the comments section below.