Thursday, 24 April 2025
26.1 C
Singapore
29 C
Thailand
19 C
Indonesia
28.4 C
Philippines

Major browsers Safari, Chrome, and Firefox are fixing a critical security flaw

Discover how a critical security flaw affecting Safari, Chrome, and Firefox browsers is being fixed, protecting sensitive user data from cyberattacks.

A significant security flaw has been discovered in some of the world’s most popular web browsers, leaving them vulnerable to attacks that could compromise sensitive information. If you’re using Apple’s Safari, Google’s Chrome, or Mozilla’s Firefox, it’s crucial to be aware of this issue and the steps to address it.

A flaw that exposes your sensitive data

Cybersecurity experts from Oligo have revealed a vulnerability known as the “0.0.0.0-day attack,” which exploits how these major browsers handle queries to the 0.0.0.0 IP address. Under normal circumstances, this address redirects users to a different IP, often leading to “localhost,” which is typically a private server or computer. However, with this flaw, attackers can trick your browser into revealing private data by sending a malicious request to the 0.0.0.0 IP address.

The potential for harm is considerable, especially when the attack is executed through phishing or social engineering tactics. By persuading you to visit a malicious website, cybercriminals can access private data stored on your device. This is particularly concerning for those who manage web servers, as the attack surface is much more prominent in such cases.

Apple and Google rush to fix the flaw

This vulnerability is already being exploited in the wild, prompting developers to work on a solution. Apple and Google are both actively developing fixes for their browsers. Avi Lumelsky, an AI security researcher at Oligo, highlighted the potential risks, stating, “Developer code and internal messaging are good examples of some of the information that can be accessed right away. But more importantly, exploiting 0.0.0.0-day can let the attacker access the internal private network of the victim, opening a wide range of attack vectors.”

The scope of the attack is limited, as it primarily affects individuals and businesses that host web servers. However, this still leaves many users exposed to potential breaches.

There is confirmed evidence that this flaw has been exploited in real-world scenarios. A Google security developer acknowledged the vulnerability in a post on the Chromium forum earlier this year. However, it’s important to note that this flaw can only be exploited on Apple devices. Microsoft has already taken steps to block the 0.0.0.0 IP address on Windows, and Apple plans to implement a similar measure in the upcoming macOS 15 Sequoia beta.

Meanwhile, Google is preparing to implement the fix on its Chromium and Chrome browsers. On the other hand, Mozilla is still exploring its options for addressing this issue in Firefox.

As these tech giants work to resolve the vulnerability, it’s advisable to stay updated on the latest browser patches and updates. Ensuring that your browser is up-to-date is one of the best ways to protect yourself from potential cyber threats.

Hot this week

Poco F7 Pro review: Improved battery, flagship feel at a value price

The Poco F7 Pro offers flagship performance, a vibrant display, and great battery life at a value price, with solid camera results too.

Famed AI researcher starts bold new company aiming to replace human jobs

AI expert launches Mechanize, a startup aiming to replace all human jobs with AI, sparking backlash and deep concern across the tech world.

Tenable uncovers critical privilege escalation flaw in Google Cloud Composer

Tenable exposes a GCP vulnerability in Cloud Composer that allows privilege escalation through interdependent cloud services.

CeMAT Southeast Asia returns to Singapore to showcase the future of logistics and automation

CeMAT Southeast Asia 2025 will showcase innovations in logistics and automation, addressing rising complexities and tariffs within the supply chain.

Enterprises accelerate adoption of AI agents despite concerns over data privacy and fairness

Cloudera survey finds 96% of global enterprises plan to expand AI agents, with Singapore leading adoption but facing fairness concerns.

POCO launches entry-level C71 smartphone in Singapore with premium features

POCO launches the budget-friendly C71 smartphone in Singapore, offering premium design, enhanced cameras, and smooth performance at S$109.

NVIDIA uses AI to address climate, wildlife and disaster risks

NVIDIA’s AI tools support climate action, wildlife monitoring, and disaster risk mitigation, with uses spanning sea, land, sky and space.

Netflix raises subscription prices in Singapore again

Netflix again raises subscription prices in Singapore, with new rates for all plans and extra member slots.

GameMax unveils Blade Concept ATX case with bold design and powerful features

GameMax launches the Blade Concept ATX case, which features a striking blade design, RGB lighting, and support for high-end liquid-cooled PC builds.

Related Articles

Popular Categories