Thursday, 3 April 2025
26.1 C
Singapore
29.2 C
Thailand
27 C
Indonesia
27.3 C
Philippines

Major browsers Safari, Chrome, and Firefox are fixing a critical security flaw

Discover how a critical security flaw affecting Safari, Chrome, and Firefox browsers is being fixed, protecting sensitive user data from cyberattacks.

A significant security flaw has been discovered in some of the world’s most popular web browsers, leaving them vulnerable to attacks that could compromise sensitive information. If you’re using Apple’s Safari, Google’s Chrome, or Mozilla’s Firefox, it’s crucial to be aware of this issue and the steps to address it.

A flaw that exposes your sensitive data

Cybersecurity experts from Oligo have revealed a vulnerability known as the “0.0.0.0-day attack,” which exploits how these major browsers handle queries to the 0.0.0.0 IP address. Under normal circumstances, this address redirects users to a different IP, often leading to “localhost,” which is typically a private server or computer. However, with this flaw, attackers can trick your browser into revealing private data by sending a malicious request to the 0.0.0.0 IP address.

The potential for harm is considerable, especially when the attack is executed through phishing or social engineering tactics. By persuading you to visit a malicious website, cybercriminals can access private data stored on your device. This is particularly concerning for those who manage web servers, as the attack surface is much more prominent in such cases.

Apple and Google rush to fix the flaw

This vulnerability is already being exploited in the wild, prompting developers to work on a solution. Apple and Google are both actively developing fixes for their browsers. Avi Lumelsky, an AI security researcher at Oligo, highlighted the potential risks, stating, “Developer code and internal messaging are good examples of some of the information that can be accessed right away. But more importantly, exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors.”

The scope of the attack is limited, as it primarily affects individuals and businesses that host web servers. However, this still leaves many users exposed to potential breaches.

There is confirmed evidence that this flaw has been exploited in real-world scenarios. A Google security developer acknowledged the vulnerability in a post on the Chromium forum earlier this year. However, it’s important to note that this flaw can only be exploited on Apple devices. Microsoft has already taken steps to block the 0.0.0.0 IP address on Windows, and Apple plans to implement a similar measure in the upcoming macOS 15 Sequoia beta.

Meanwhile, Google is preparing to implement the fix on its Chromium and Chrome browsers. On the other hand, Mozilla is still exploring its options for addressing this issue in Firefox.

As these tech giants work to resolve the vulnerability, it’s advisable to stay updated on the latest browser patches and updates. Ensuring that your browser is up-to-date is one of the best ways to protect yourself from potential cyber threats.

Hot this week

Instagram introduces new speed-up feature for Reels

Instagram now lets you watch Reels at double speed, just like TikTok. The new feature helps you get through longer videos faster and easier.

OpenAI pauses free GPT-4o image generation after viral Studio Ghibli trend

OpenAI halts free GPT-4o image generation after viral Studio Ghibli trend raises legal concerns, leaving paid users with continued access.

RedCurl group linked to new ransomware strain in first documented attack

Bitdefender uncovers RedCurl's first ransomware campaign, revealing QWCrypt's unique tactics and the group's evolving cyber threat model.

MacBook Pro design overhaul expected in 2026

Apple might release a long-awaited MacBook Pro redesign in 2026, with OLED screens, improved portability, and more features.

Microsoft removes Windows 11 loophole for skipping account setup

Microsoft is blocking a well-known workaround that lets you set up Windows 11 without a Microsoft account, enforcing stricter installation rules.

Qualcomm expands AI research with MovianAI acquisition

Qualcomm has acquired Vietnamese AI research firm MovianAI to boost its AI development in smartphones, PCs, and software-defined vehicles.

Roblox introduces new parental controls to enhance child safety

Roblox introduces new parental controls, allowing parents to block games, restrict friends, and monitor their child’s activity for better safety.

Anthropic introduces Claude for Education, a new AI chatbot plan for universities

Anthropic launches Claude for Education, an AI chatbot plan for universities that offers advanced learning tools and administration support.

Exabeam introduces Nova, an agentic AI that boosts cybersecurity operations

Exabeam unveils Nova, a proactive AI agent that boosts security team productivity and reduces incident investigation time by over 50%.

Related Articles

Popular Categories