Four Zeros: The 18-Year Browser Flaw Endangering the World

By Riley ThompsonTechnology News

Four Zeros: The 18-Year Browser Flaw Endangering the World

For the past 18 years, the world’s major browsers have left a loophole for hackers, allowing them to break into private home and corporate networks, according to research published on Wednesday. Apple, Google, and Mozilla are now working to close this vulnerability, which is related to how browsers handle requests to the IP address 0.0.0.0.

Browsers like Chrome, Safari, and Firefox accept requests to 0.0.0.0, redirecting them to other IP addresses, including “localhost”—a server on the network or computer that is usually private and used for code testing. Researchers from the Israeli cybersecurity startup Oligo discovered that hackers have exploited this vulnerability by sending malicious requests to the 0.0.0.0 IP address of their targets, allowing them to access data that should have remained confidential. This type of attack has been dubbed “0.0.0.0-day.”

How the 0.0.0.0-Day Attack Works

In a typical attack, a hacker tricks the victim into visiting a seemingly harmless website, which then sends a malicious request to access files via 0.0.0.0. Examples of such information include developer data and internal messages. However, the most critical aspect is that using the “0.0.0.0-day” attack allows the hacker to access the victim’s internal private network, opening up a wide range of possible attack vectors.

These attacks can affect individuals and companies hosting web servers, which still covers a significant number of vulnerable systems. Researchers found that they could also run malicious code on servers using the Ray AI framework to train artificial intelligence models, which are used by major companies like Amazon and Intel. The problem isn’t limited to Ray; it affects any application that uses localhost and is accessible via 0.0.0.0.

Real-World Exploits and Responses

Such attacks have already been observed. In June of this year, Google security developer David Adrian reported several cases where malware exploited this vulnerability to attack specific development tools. However, Windows systems are not affected by this vulnerability, as Microsoft blocks 0.0.0.0 in its operating system.

Apple has announced plans to block all attempts to access the 0.0.0.0 IP address in the upcoming beta version of macOS 15 Sequoia. This measure is aimed at increasing the operating system’s security.

The Google Chromium and Chrome development teams also intend to implement a similar block in their browsers, though there has been no official comment from the company yet.

Mozilla, the creator of Firefox, is so far holding off on making a similar decision. The reason lies in potential compatibility issues: some servers use the 0.0.0.0 address instead of localhost, and blocking it could disrupt their operation.

Ongoing Risks and Industry Attention

These changes reflect the growing attention tech giants are paying to cybersecurity and user data protection. Researchers believe that the risk of leaving 0.0.0.0 open remains significant. In their view, allowing access to this IP address opens up access to many types of data that have long been blocked.

The researchers plan to present their findings at the DEF CON conference, which will take place in Las Vegas this weekend.

Leave a Reply