New Delhi: Cybersecurity researchers have discovered new vulnerabilities in Google Chrome that may allow attackers to remotely run malicious code inside the popular web browser. The SQLite vulnerabilities – five in total and called “Magellan 2.0” have been disclosed by the Tencent Blade security team.
“SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too. We haven’t found any proof of wild abuse of Magellan 2.0 and will not disclose any details now,” tweeted the Chinese Tencent Blade Team.
“Magellan 2.0 on its way! Blade researcher @leonwxqian found another set of vulnerabilities in #SQLite which can result in remote code execution via WebSQL, leaking programme memory or possible programme crashes,” the team earlier tweeted.
All apps that use an SQLite database are vulnerable to Magellan 2.0.
However, the danger of a remote exploitation’ is smaller than the one in Chrome, where a feature called the ‘WebSQL API’ exposes Chrome users to remote attacks, by default,” ZDNet reported on Thursday.
The same Tencent Blade security team disclosed the original “Magellan SQLite” vulnerabilities in December 2018. An attacker can craft an SQL operation that contains malicious code.
According to the Tencent team, the five Magellan 2.0 vulnerabilities were fixed in Google Chrome “79.0.3945.79” version.
Meanwhile, In the latest Google Chrome 79, several users have noticed that their secondary profiles are losing names and being called “Person 1” instead. (IANS)