Last year around Christmas, Google Chrome was impacted by SQL vulnerabilities known as the Magellan SQLite vulnerabilities. The Tencent Blade security team highlighted the vulnerabilities in December last year that were patched right on time. This year, the same security team has disclosed fresh Magellan 2.0 vulnerabilities that impact Chrome, the search giant’s popular Web browser. But there’s very little you need to worry about unless you’re running a really old version of Google Chrome.
Magellan 2.0 vulnerabilities have been patched by Google in the Chrome 79.0.3945.79 version. The new SQLite vulnerabilities can let a hacker run malicious code remotely on Google Chrome. Magellan 2.0 consists of five vulnerabilities in total, according to the Tencent Blade security team.
SQLite is popularly used across most operating systems and software products. The Tencent Blade security team claims both SQLite and Google have confirmed the vulnerabilities and fixed them. The security team claims it will disclose more details once other vendors fix the vulnerabilities.
A malicious user can use these vulnerabilities to perform an SQL operation with a specific code. On successfully executing the SQLite operation, the attacker can remotely execute code, leak program memory, and eventually end up causing program crashes.
Apps using SQLite database without the 13 December 2019 patch and Google Chrome prior to 7.0.3945.79 are affected by these vulnerabilities. The Tencent Blade security team claims it hasn’t spotted any attacks in the wild yet and users don’t really have to worry about anything right now.
The Chinese security company will release more details about the Magellan 2.0 vulnerabilities in the coming months. As of now, developers should update their apps with the latest SQLite version and Chrome users should also update their browser.
Earlier last month, Google had patched a zero-day vulnerability in Chrome. The exploit was reportedly leveraged to execute waterhole-style injection attacks. The vulnerability exploited Chrome 65 and later version.
Source: NDTV Profit