Google closes a critical security vulnerability in Chrome that has existed for nearly 20 years

By: Vlad Cherevko | 09.08.2024, 10:59

Google Chrome has finally fixed a security vulnerability that existed for nearly two decades. The problem was related to how the browser and other systems interpreted the IP address 0.0.0.0.0.

Here's What We Know

This address does not have an accepted standard of processing, which created confusion and allowed hackers to bypass Chrome's Private Network Access (PNA) protection. The vulnerability allowed attackers to access sensitive information on local networks by bypassing security mechanisms.

The PNA was designed to block unauthorised external access to internal network resources, but due to the way the 0.0.0.0.0 address was handled, this protection was ineffective. Fixing this problem is an important step in improving browser security. The PNA protection now fully covers the 0.0.0.0.0.0 address, shutting down a significant attack vector that hackers were using.

Source: Android Authority