A vulnerability called '0.0.0.0 Day' has been discovered that lets attackers reach local services through the address '0.0.0.0'



It has become clear that major browsers such as Chrome, Firefox, and Safari have a problem with how they handle the IP address '0.0.0.0', which attackers can exploit to gain access to the target's local environment. Oligo Security, the security company that discovered the problem, has named this vulnerability '0.0.0.0 Day' to warn users.

0.0.0.0 Day: Exploiting Localhost APIs From the Browser | Oligo Security

https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser



According to Oligo Security, major browsers treat requests to '0.0.0.0' as requests to 'localhost (127.0.0.1)'. By exploiting this behavior, an attacker can create a website or email containing malicious code and, when the target opens it, reach services running in the target's local environment.
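The practical lesson for anyone running a local development server or API is that the browser cannot be relied on to block these requests, so the service should verify that it is being addressed by a name it expects and that any browser Origin is one it trusts. The following Python server is an added example written for this article; it is not code from Oligo Security or from any browser vendor. The allowlists, the port and the 'evil.example' origin used in the comments are constructed assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed allowlist: Host values a loopback-only service should answer to.
# '0.0.0.0' is deliberately absent, so a page that addresses the service as
# http://0.0.0.0:<port> is refused even if the browser routed it to 127.0.0.1.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Constructed allowlist: browser origins permitted to call this API.
ALLOWED_ORIGINS = {"http://localhost:3000"}


def _strip_port(host: str) -> str:
    """Return the host part of a Host header without the :port suffix."""
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:8000
        return host.split("]")[0] + "]"
    return host.split(":")[0]


def check_request(headers: dict) -> tuple[bool, str]:
    """Decide whether a request may reach the local API.

    Returns (allowed, reason). A request is refused when its Host header is
    not one of the expected loopback names (this catches 0.0.0.0) or when it
    carries an Origin header that is not on the allowlist (a cross-site
    request issued by a web page, the 0.0.0.0 Day scenario).
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    host = _strip_port(h.get("host", "").strip().lower())
    if host not in ALLOWED_HOSTS:
        return False, f"unexpected Host {host!r}"
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"cross-origin request from {origin!r}"
    return True, "ok"


class GuardedHandler(BaseHTTPRequestHandler):
    """Minimal handler that applies check_request before serving anything."""

    def _refuse(self, reason: str) -> None:
        self.send_response(403)
        self.end_headers()
        self.wfile.write(f"refused: {reason}\n".encode())

    def do_OPTIONS(self) -> None:  # CORS / Private Network Access preflight
        allowed, reason = check_request(dict(self.headers))
        if not allowed:
            # Without an allow header the browser will not send the real request.
            self._refuse(reason)
            return
        self.send_response(204)
        self.send_header("Access-Control-Allow-Origin", self.headers.get("Origin", ""))
        # Chrome's Private Network Access preflight asks for this explicitly;
        # only trusted origins ever receive it.
        if self.headers.get("Access-Control-Request-Private-Network") == "true":
            self.send_header("Access-Control-Allow-Private-Network", "true")
        self.end_headers()

    def do_GET(self) -> None:
        allowed, reason = check_request(dict(self.headers))
        if not allowed:
            self._refuse(reason)
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"local API response\n")


def serve(port: int = 8000) -> None:
    """Bind to loopback only and serve; binding to 127.0.0.1 rather than
    0.0.0.0 also keeps the service off every other interface."""
    HTTPServer(("127.0.0.1", port), GuardedHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Run it and then request `http://localhost:8000/` and `http://0.0.0.0:8000/` from a browser: the first is served, the second is refused with the Host reason, regardless of how the browser resolved the address. The Origin check covers the case Oligo describes, where the Host is legitimate but the request was triggered by a page on another site.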

Oligo Security succeeded in reaching the local environment of a target running the AI processing framework Ray and launching an attack shell by combining Ray's ShadowRay vulnerability with the newly discovered 0.0.0.0 Day vulnerability.



'0.0.0.0 Day' affects major browsers such as Chrome, Firefox, and Safari running on macOS and Linux. Windows is not affected by '0.0.0.0 Day' because it blocks access to '0.0.0.0' at the OS level.

Oligo Security has already reported the existence of '0.0.0.0 Day' to the developers of major browsers. Google has decided to finish addressing it by Chrome 133, and Apple has introduced changes to WebKit to block '0.0.0.0'.

Meanwhile, Firefox has not yet decided whether to address 0.0.0.0 Day. Mozilla explains that the reason for the delay in addressing 0.0.0.0 Day is that 'there are users who use 0.0.0.0 to access localhost, and blocking 0.0.0.0 may make it impossible to access the server.'

in Web Service, Security, Posted by log1o_hf