Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Google Security The Internet Technology

Google Chrome Impacted By New Magellan 2.0 Vulnerabilities (zdnet.com) 25

An anonymous reader quotes a report from ZDNet: A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world's most popular web browser. The vulnerabilities, five, in total, are named "Magellan 2.0," and were disclosed today by the Tencent Blade security team. All apps that use an SQLite database are vulnerable to Magellan 2.0; however, the danger of "remote exploitation" is smaller than the one in Chrome, where a feature called the WebSQL API exposes Chrome users to remote attacks, by default.

Just like the original Magellan vulnerabilities, these new variations are caused by improper input validation in SQL commands the SQLite database receives from a third-party. An attacker can craft an SQL operation that contains malicious code. When the SQLite database engine reads this SQLite operation, it can perform commands on behalf of the attacker. In a security advisory published today, the Tencent Blade team says the Magellan 2.0 flaws can lead to "remote code execution, leaking program memory or causing program crashes." All apps that use an SQLite database to store data are vulnerable, although, the vector for "remote attacks over the internet" is not exploitable by default. To be exploitable, the app must allow direct input of raw SQL commands, something that very few apps allow.
Thankfully, Google patched all five Magellan 2.0 vulnerabilities in Google Chrome 79.0.3945.79, released two weeks ago.

The SQLite project also fixed the bugs in a series of patches on December 13, 2019; however, these fixes have not been included in a stable SQLite branch -- which remains v3.30.1, released on December 10.
This discussion has been archived. No new comments can be posted.

Google Chrome Impacted By New Magellan 2.0 Vulnerabilities

Comments Filter:

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...