Massive security flaw puts most popular browsers at risk on Mac

Stay ahead of the game: What you need to do to protect yourself

Kurt ‘CyberGuy’ Knutsson shows how you can add ChatGPT to your browser

CyberGuy explains how ChatGPT's functions can help you in your day-to-day life.

Hackers are already flooding browsers with malware and phishing links, and now researchers have discovered a vulnerability that gives them direct access to services on your laptop. 

This vulnerability, known as 0.0.0.0 Day, affects all Chromium-based browsers, including Google Chrome, Firefox, Safari and Edge. 

What's concerning is that this vulnerability has been present in these browsers for the past 18 years and has only been discovered now.

SIGN UP FOR FOR KURT’S FREE NEWSLETTER AND GET INSTANT ACCESS TO THE CYBERGUY REPORT 

browser risks 1

A person using a laptop with Google Chrome browser  (Kurt "CyberGuy" Knutsson)

What you need to know

The 0.0.0.0 Day vulnerability was discovered by the Israeli app security firm Oligo and subsequently reported by The Hacker News. It involves the use of IP address, 0.0.0.0, which is normally harmless. But with this vulnerability, attackers could misuse it to access and control local services on your computer.

The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said.

Security researchers have found that websites with ".com" domains can communicate with services on a local network and run unauthorized code using the address 0.0.0.0. This vulnerability also allows them to bypass Private Network Access (PNA), which is supposed to stop public websites from accessing private network endpoints directly.

In simple terms, this vulnerability could allow bad actors to break into your local services and execute unauthorized actions on your device.

The vulnerability affects browsers including Google Chrome, Edge, Safari and Firefox on devices running macOS and Linux. If you're a Windows user, you don’t have to worry because Microsoft blocks this IP address at the operating system level.

browser risk 2

A browser displayed on a laptop   (Kurt "CyberGuy" Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

Is a fix coming?

Chrome started blocking access to the IP address 0.0.0.0 from Chromium 128 in July. Google will gradually roll out this change, completing it by Chrome 133, when the IP address will be fully blocked for all Chrome and Chromium users.

Meanwhile, Apple has already updated WebKit, the browser engine used by Safari, to block access to 0.0.0.0. Mozilla has also blocked this IP address in Firefox. To protect yourself from getting affected, keep your browser up to date.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Steps to update your browser

The best way to protect yourself from security flaws is to keep your browser up to date. Below are the steps to keep it updated.

How to update Chrome

  • Open Google Chrome on your computer
  • Click on the three dots in the top-right corner
  • Select Help
  • Click About Chrome
  • Chrome will automatically check for updates. If an update is available, it will download and install it.
  • Click Relaunch to complete the update process.

For mobile devices, you can update Chrome via the Google Play Store (Android) or App Store (iOS) by searching for Chrome and tapping Update if available

browser risks 3

Google Chrome browser   (Kurt "CyberGuy" Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

How to update Microsoft Edge

  • Open Microsoft Edge
  • Click on the three dots in the top-right corner
  • Select Help and feedback
  • Click About Microsoft Edge
  • Edge will automatically check for updates and install them if available
  • Click Restart to update Microsoft Edge and apply any updates

For mobile devices, updates can be done through the respective app stores (Google Play Store for Android and App Store for iOS) by searching for Edge and tapping Update if available.

browser risks 4

Microsoft Edge browser   (Kurt "CyberGuy" Knutsson)

How to update Safari

  • On a Mac, open the Apple menu
  • Select System Settings 
  • Tap General 
  • Click Software Update 
  • If an update for Safari is available, click Update Now.
  • Follow the prompts to complete the installation.

For iOS devices, updates are done through the Settings app under General > Software Update.

browser risks 5

Safari browser   (Kurt "CyberGuy" Knutsson)

How to update Mozilla Firefox

  • Open Firefox
  • Click on the three horizontal lines (☰) in the top-right corner
  • Select Help 
  • Click About Firefox
  • Firefox will check for updates and download them automatically
  • Click Restart to Update Firefox if an update was installed

For mobile devices, you can update Firefox through the Google Play Store (Android) or App Store (iOS) by searching for Firefox and tapping Update if available.

CLICK HERE FOR MORE U.S. NEWS

browser risks 6

Mozilla Firebox browser   (Kurt "CyberGuy" Knutsson)

Additional measures to keep your data and devices safe

Below are some extra steps to take to prevent being affected by hackers exploiting security vulnerabilities.

1. Have strong antivirus software: Hackers often gain access to devices by sending infected emails or documents or tricking you into clicking a link that downloads malware. You can avoid all of this by installing strong antivirus software that will detect any potential threat before it can take over your device or router.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Recognize urgent requests as potential scams: Always be wary if someone is urgently requesting you to do something like send money, provide personal information or click on a lin. Chances are it’s a scam.

3. Use strong and unique passwords: Create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself.  The fewer passwords you remember, the less likely you will be to reuse them for your accounts. Get more details about my best expert-reviewed Password Managers of 2024 here.

4. Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS

Kurt’s key takeaway

Given the newly discovered 0.0.0.0 Day vulnerability, it's more important than ever to keep your browser up to date. While major browser companies are actively working on a fix, staying on top of software updates is crucial to protect your device. To further safeguard your online experience, be cautious of suspicious links, practice safe browsing habits, and regularly check for updates.

Given the recent discovery of the 0.0.0.0 Day vulnerability affecting major browsers like Google Chrome, Firefox, Safari and Edge, which has been present for 18 years, do you think tech companies are doing enough to ensure the security of their products and protect users from such long-standing vulnerabilities? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com.  All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Authored by Kurt Knutsson, Cyberguy Report via FoxNews August 10th 2024