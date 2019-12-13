19/12/29/0051227 story
posted by Fnord666 on Sunday December 29, @08:01AM
Google Chrome impacted by new Magellan 2.0 vulnerabilities:
A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser.
The vulnerabilities, five, in total, are named "Magellan 2.0," and were disclosed today by the Tencent Blade security team.
All apps that use an SQLite database are vulnerable to Magellan 2.0; however, the danger of "remote exploitation" is smaller than the one in Chrome, where a feature called the WebSQL API exposes Chrome users to remote attacks, by default.
(Score: 2) by DrkShadow on Sunday December 29, @08:28AM
Maybe it's the reporting around this, but this seems to be wrong. The disclosure says,
To me this means you're vulnerable if you have an SQL injection vulnerability as well, or if you're Chrome.