Welcome to WarBulletin - your new best friend in the world of gaming. We're all about bringing you the hottest updates and juicy insights from across the gaming universe. Are you into epic RPG adventures or fast-paced eSports? We've got you covered with the latest scoop on everything from next-level PC gaming rigs to the coolest game releases. But hey, we're more than just news! Ever wondered what goes on behind the scenes of your favorite games? We're talking exclusive interviews with the brains behind the games, fresh off-the-press photos and videos straight from gaming conventions, and, of course, breaking news that you just can't miss. We know you love gaming 24/7, and that's why we're here round the clock, updating you on all things gaming. Whether it's the lowdown on a new patch or the buzz about the next big gaming celeb, we're on it.

Contacts

  • Owner: SNOWLAND s.r.o.
  • Registration certificate 06691200
  • 16200, Na okraji 381/41, Veleslavín, 162 00 Praha 6
  • Czech Republic

Major browser providers scramble to patch an 18-year-old vulnerability affecting MacOS and Linux systems but Windows remains gloriously immune

We Windows users are sometimes the butt of the joke when it comes to cybersecurity issues. Or at least, we often used to be. Still, if I receive one more lecture on why Linux or Mac systems are more secure, I'll at least have this article to point to. Not always, I shall say. Not always.

Oligo Security's research team has discovered a “0.0.0.0 Day” vulnerability that affects Google Chrome/Chromium, Mozilla Firefox and Apple Safari browsers, enabling websites to communicate with software running on MacOS and Linux systems (via The Hacker News).

The vulnerability means public websites using .com domains are able to communicate with services running on the local network by using the IP address 0.0.0.0 instead of localhost/127.0.0.1.

The good news, if you're a Windows user at least, is that Microsoft's OS blocks 0.0.0.0 at a system level. Hooray for the sometimes-rarer-than-we'd-like Microsoft security win. The bad news for the rest of you is that this loophole is said to have been exploitable since 2006, which means it has been an active cybersecurity vulnerability for an astonishing 18 years.

It's said that the percentage of websites that communicate using 0.0.0.0 is on the rise. Looking at Chromium counters, Oligo has identified 0.015% of websites that could potentially be malicious. That might not sound like a lot, but according to the team, there are an estimated 200 million active websites as of August 2024. 

That's potentially 100,000 websites communicating over that particular IP address, although how many of them are using that capability for nefarious purposes is currently unknown.

Oligo disclosed its findings to security teams from each of the major browsers affected in April 2024, which the company says was acknowledged by each, and that changes are underway to plug the vulnerability.

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

However, it's up to browser developers to implement their respective fixes,

Read more on pcgamer.com
Prev Post
God of War Ragnarök needs a chonky 190 GB of SSD space but the rest of the system requirements seem pretty reasonable

Related News

Latest Posts
Monster Hunter Wilds DLC won't include any "pay-to-win items" but will remain cosmetic only, as "always" in the action RPG series
  • By gamesradar.com

Monster Hunter Wilds DLC won't include any "pay-to-win items" but will remain cosmetic only, as "always" in the action RPG series

Gearbox CEO Randy Pitchford wanted Tiny Tina's Wonderlands campaign DLC, but there was "no way to do that and put the focus on Borderlands 4 that we needed to"
  • By gamesradar.com

Gearbox CEO Randy Pitchford wanted Tiny Tina's Wonderlands campaign DLC, but there was "no way to do that and put the focus on Borderlands 4 that we needed to"

Diablo 4 leads know you want a sword-and-board Paladin, but after 5 classic classes they wanted to go big on something new: "It's not just about rehashing old content"
  • By gamesradar.com

Diablo 4 leads know you want a sword-and-board Paladin, but after 5 classic classes they wanted to go big on something new: "It's not just about rehashing old content"

Abduct humans to put them on display in this theme park sim set in the same universe as a 27-year-old banger of a black comedy film
  • By gamesradar.com

Abduct humans to put them on display in this theme park sim set in the same universe as a 27-year-old banger of a black comedy film

Cheap but very cheerful? PowerA's wireless controllers feature Hall effect sensors and start at just $50
  • By pcgamer.com

Cheap but very cheerful? PowerA's wireless controllers feature Hall effect sensors and start at just $50

You can finally pick different power modes for battery or plugged in with the latest Windows 11 Insider build, ending the tyranny of one power setting for all
  • By pcgamer.com

You can finally pick different power modes for battery or plugged in with the latest Windows 11 Insider build, ending the tyranny of one power setting for all