{"id":4769,"date":"2024-08-08T09:56:05","date_gmt":"2024-08-08T14:56:05","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81342"},"modified":"2024-08-08T09:56:05","modified_gmt":"2024-08-08T14:56:05","slug":"researchers-find-decades-old-vulnerability-in-major-web-browsers","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers\/","title":{"rendered":"Researchers find decades-old vulnerability in major web browsers\u00a0"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Researchers find decades-old vulnerability in major web browsers&nbsp; | CyberScoop<\/title> <meta name=\"description\" content=\"An Israeli firm discovered a flaw in browsers like Safari, Chrome, and Firefox, allowing attackers to exploit how 0.0.0.0 queries are handled.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/browser-zero-day-oligo-security-0-0-0-0-day\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Researchers find decades-old vulnerability in major web browsers&nbsp;\"> <meta property=\"og:description\" content=\"An Israeli firm discovered a flaw in browsers like Safari, Chrome, and Firefox, allowing attackers to exploit how 0.0.0.0 queries are handled.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/browser-zero-day-oligo-security-0-0-0-0-day\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-08-08T14:56:05+00:00\"> <meta property=\"article:modified_time\" 
content=\"2024-08-08T14:56:06+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1721767167g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1721764637g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81342\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81342\">\n<link 
rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbrowser-zero-day-oligo-security-0-0-0-0-day%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbrowser-zero-day-oligo-security-0-0-0-0-day%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81342 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/browser-zero-day-oligo-security-0-0-0-0-day\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 
CyberScoop 50 awards!&nbsp;<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.634482758621\">\n<div class=\"single-article__header-content\" readability=\"30.203045685279\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The flaw, called \u20180.0.0.0 day,\u2019 has to do with how browsers handle network requests. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"424\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers.jpg?resize=640%2C424&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg 4300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=300,199 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=768,509 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=1024,679 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=1536,1019 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=2048,1358 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=600,398 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=253,168 253w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=508,337 508w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=1018,675 1018w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-2.jpg?resize=1271,843 1271w\" sizes=\"(max-width: 1018px) 100vw, 1018px\"><figcaption> Google Chrome&#8217;s logo is seen at Google&#8217;s annual developer conference, Google I\/O, at Moscone Center in San Francisco on June 28, 2012 in California. AFP PHOTO \/ Kimihiro Hoshino (Photo credit should read KIMIHIRO HOSHINO\/AFP\/GettyImages) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"26.852375770765\"><body readability=\"53.854889589905\"><\/p>\n<p>An Israeli cybersecurity firm has identified a zero-day vulnerability affecting major web browsers, which could allow attackers to bypass normal browser security measures and potentially breach local networks.<\/p>\n<p>The flaw, discovered by <a href=\"https:\/\/www.oligo.security\/blog\/0-0-0-0-day-exploiting-localhost-apis-from-the-browser\">Oligo Security<\/a>, was found in how browsers handle network requests.&nbsp;<\/p>\n<p>In summary, devices read IP addresses to connect users to websites, with 0.0.0.0 serving as a placeholder until a real address is assigned. Oligo researchers found that a would-be attacker can exploit how browsers like Apple\u2019s Safari, Google\u2019s Chrome, and Mozilla\u2019s Firefox handle queries to 0.0.0.0, redirecting them to other addresses such as \u2018localhost,\u2019 which is typically private.&nbsp;<\/p>\n<p>This exploit allows attackers to access private data by sending requests to 0.0.0.0. 
Attackers could then perform all types of nefarious actions, gaining unauthorized access and executing remote code on locally running programs, which could impact development platforms, operating systems, and internal networks.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Oligo has dubbed the vulnerability \u201c0.0.0.0 day,\u201d and wrote <a href=\"https:\/\/www.oligo.security\/blog\/0-0-0-0-day-exploiting-localhost-apis-from-the-browser\">in a blog post<\/a> that it considers it to be \u201cfar-reaching, affecting individuals and organizations alike.\u201d<\/p>\n<p>By April, Oligo had alerted security teams at major tech companies and started working with them on solutions to the issue. <a href=\"https:\/\/chromestatus.com\/feature\/5106143060033536\">Google has already started<\/a> to block 0.0.0.0 requests in Chrome, and over the next few months will be implementing fixes to Chromium, the open-source code base that powers Chrome and other popular browsers.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2024\/08\/07\/hackers-exploit-18-year-old-vulnerability-in-apple-google-and-mozilla-browsers\/\">Apple told Forbes<\/a> that it has initiated changes to deny such requests in Safari. Oligo says there is no immediate fix for Firefox, but it has been working with Mozilla to block 0.0.0.0 in the future.&nbsp;&nbsp;<\/p>\n<p>To further avoid any possible security issues, Oligo suggests that security teams use Private Network Access headers \u2014 a feature that provides additional protection for local networks from potential vulnerabilities or malicious attacks. 
The company also recommends using HTTPS whenever possible and implementing cross-site request forgery (CSRF) tokens in web applications, even if they are only running locally.&nbsp;<\/p>\n<p>You can read the full technical details on <a href=\"https:\/\/www.oligo.security\/blog\/0-0-0-0-day-exploiting-localhost-apis-from-the-browser\">Oligo\u2019s blog<\/a>.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.2653631284916\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/researchers-find-decades-old-vulnerability-in-major-web-browsers-1.jpg?w=640&#038;ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News &amp; World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of 
HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/browser-zero-day-oligo-security-0-0-0-0-day\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers find decades-old vulnerability in major web browsers&nbsp; | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1774,78,2437,2438,310,1170],"tags":[1777,86,2439,2440,311,1171],"class_list":["post-4769","post","type-post","status-publish","format-standard","hentry","category-chrome","category-cybersecurity","category-firefox","category-safari","category-technology","category-zero-days","tag-chrome","tag-cybersecurity","tag-firefox","tag-safari","tag-technology","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chrome\/\" rel=\"category tag\">Chrome<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firefox\/\" rel=\"category tag\">firefox<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/safari\/\" rel=\"category tag\">Safari<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category 
tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4769"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4769\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}