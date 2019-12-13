Stories
Google Chrome Impacted by New Magellan 2.0 Vulnerabilities

posted by Fnord666 on Sunday December 29, @08:01AM   Printer-friendly
Security

upstart writes in with an IRC submission for SoyCow1337:

Google Chrome impacted by new Magellan 2.0 vulnerabilities:

A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser.

The vulnerabilities, five, in total, are named "Magellan 2.0," and were disclosed today by the Tencent Blade security team.

All apps that use an SQLite database are vulnerable to Magellan 2.0; however, the danger of "remote exploitation" is smaller than the one in Chrome, where a feature called the WebSQL API exposes Chrome users to remote attacks, by default.

  • (Score: 2) by DrkShadow on Sunday December 29, @08:28AM

    by DrkShadow (1404) on Sunday December 29, @08:28AM (#937115)

    All apps that use an SQLite database are vulnerable

    Maybe it's the reporting around this, but this seems to be wrong. The disclosure says,

    (1) Am I affected by the vulnerability?

    If you are using a software that is using SQLite as component (without the latest patch, which is 13 Dec 2019), and it supports external SQL queries. Or, you are using Chrome that is prior to 79.0.3945.79 with WebSQL enabled, [...]

    To me this means you're vulnerable if you have an SQL injection vulnerability as well, or if you're Chrome.

