We Windows users are sometimes the butt of the joke when it comes to cybersecurity issues. Or at least, we often used to be. Still, if I receive one more lecture on why Linux or Mac systems are more secure, I'll at least have this article to point to. Not always, I shall say. Not always.
Oligo Security's research team has discovered a “0.0.0.0 Day” vulnerability that affects Google Chrome/Chromium, Mozilla Firefox and Apple Safari browsers, enabling websites to communicate with software running on MacOS and Linux systems (via The Hacker News).
The vulnerability means public websites using .com domains are able to communicate with services running on the local network by using the IP address 0.0.0.0 instead of localhost/127.0.0.1.
The good news, if you're a Windows user at least, is that Microsoft's OS blocks 0.0.0.0 at a system level. Hooray for the sometimes-rarer-than-we'd-like Microsoft security win. The bad news for the rest of you is that this loophole is said to have been exploitable since 2006, which means it has been an active cybersecurity vulnerability for an astonishing 18 years.
It's said that the percentage of websites that communicate using 0.0.0.0 is on the rise. Looking at Chromium counters, Oligo has identified 0.015% of websites that could potentially be malicious. That might not sound like a lot, but according to the team, there are an estimated 200 million active websites as of August 2024.
That's potentially 100,000 websites communicating over that particular IP address, although how many of them are using that capability for nefarious purposes is currently unknown.
Oligo disclosed its findings to security teams from each of the major browsers affected in April 2024, which the company says was acknowledged by each, and that changes are underway to plug the vulnerability.
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
However, it's up to browser developers to implement their respective fixes,
Read more on pcgamer.com