Heimdal
article featured image

Contents:

Cybersecurity researchers have found a brand-new “0.0.0.0 Day” that affects all popular web browsers and that malevolent websites might use to compromise local networks.

It is reported that the vulnerability exposes a fundamental flaw in how browsers handle requests, potentially granting threat actors access to sensitive services running on local devices.

It is important to mention that the vulnerability only affects systems running on Linux and macOS, and does not work on Windows

Threat actors can use this vulnerability to remotely modify settings on affected devices, obtain unauthorized access to confidential data, and, in certain situations, execute malicious code.

Even if the problem was initially reported 18 years ago, it remained unsolved on Chrome, Firefox, and Safari, even if it was acknowledged by all three companies.

The 0.0.0.0 Day Flaw Explained

The 0.0.0.0 Day vulnerability is caused by non-standard communication between public websites and local network services via the “wildcard” IP address 0.0.0.0, as well as varying security measures amongst browsers.

0.0.0.0 often denotes all network interfaces on the host or all IP addresses on the local computer. When utilized in local networking, it can be understood as the localhost (127.0.0.1) or as a placeholder address in DHCP requests.

Because of a lack of consistent security, malicious websites can make HTTP requests to 0.0.0.0 that are intended for a service that is operating on the user’s local machine. The service will typically process these requests after they are routed to it.

Mechanisms such as Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA) fail to stop this risky activity.

Web browsers by default forbid websites from requesting content from other websites and using the data they receive back. This was done to stop fraudulent websites from establishing connections with other URLs in a user’s browser that require authentication, including email servers, online banking portals, or other sensitive websites.

The vulnerability is actively exploited in the wild, as cybersecurity researchers have identified.

The Browsers Take Action

The web browsers’ developers are finally taking action regarding the vulnerability after the recent disclosure by cybersecurity researchers.

  • Google Chrome has decided to take action and prohibit access to 0.0.0.0 through a phased rollout that will begin with version 128 (upcoming) and end with version 133.
  • Mozilla Firefox made implementing PNA a high development priority. Until then, a temporary fix has been set in motion, but no rollout dates were provided.
  • Apple implemented additional IP checks on Safari via changes on WebKit and blocks access to 0.0.0.0 on the upcoming version 18 of the browser.

Until the fixes arrive, it is recommended to:

  • Implement PNA headers.
  • Verify HOST headers to protect against DNS rebinding attacks.
  • Don’t trust localhost—add authorization, even locally.
  • Use HTTPS whenever possible.
  • Implement CSRF tokens, even for local apps.

The most crucial thing for developers to keep in mind is that rogue websites can still use internal IP addresses to forward HTTP requests until patches are released. They should therefore take this security factor into account while creating their apps.

If you liked this piece, you can find more on the blog. Follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE