• About
  • Advertise
  • Careers
  • Contact
Monday, February 6, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Experts warn of 5 new flaws in Google Chrome dubbed Magellan 2.0

by Cyber360 News
December 26, 2019
in Security
0
Experts warn of 5 new flaws in Google Chrome dubbed Magellan 2.0
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Google addressed a new set of vulnerabilities, dubbed Magellan 2.0, that could be exploited for remote code execution inside the Chrome browser.

Google has fixed five SQLite vulnerabilities, dubbed Magellan 2.0, that could be exploited by an attacker to remotely execute malicious code inside the Chrome browser.

The vulnerabilities were discovered by researchers from the Tencent Blade security team.

The issue is related to a feature called the WebSQL API that exposes Chrome users to remote attacks, it is enabled by default. The WebSQL API translates JavaScript code into SQL commands, which are then executed against Chrome’s SQLite database.

Exactly one year ago, the same team of experts disclosed a critical vulnerability in SQLite database software that exposed billions of vulnerable apps to hackers.

The vulnerability tracked as ‘Magellan‘ could allow remote attackers to execute arbitrary on vulnerable devices, leak program memory or cause dos condition with application crash.

SQLite is a widely adopted relational database management system contained in a C programming library. Unlike many other database management systems, SQLite is not a client–server database engine. Rather, it is embedded into the end program.

SQLite is used by millions of applications with billions of installs, Magellan potentially affects IoT devices, macOS and Windows apps.

The Magellan vulnerabilities are caused by improper input validation in SQL commands sent to the SQLite database from a third-party.

An attacker can use specially crafted SQL operations containing malicious code, when the SQLite database engine will read them SQLite operation, it will perform commands on behalf of the attacker.

“Magellan 2.0 is some vulnerabilities that exist in SQLite (Former was: Magellan 1.0 ). These vulnerabilities were found by Tencent Blade Team and verified to be able to exploit remote code execution in Chromium render process.” reads the advisory published by the experts. “As a well-known database, SQLite is widely used in all modern mainstream operating systems and softwares, so this vulnerability has a wide range of influence. SQLite and Google had confirmed and fixed these vulnerabilities.”

The flaws, tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753, could cause remote code execution, or could leak program memory or cause program crashes.

Any app using an SQLite database to store data is vulnerable if allows direct input of raw SQL commands.

Google Chrome uses an internal SQLite database to store various browser settings and user data.

Google addressed the five Magellan 2.0 vulnerabilities with the release of Google Chrome 79.0.3945.79.

The good news is that Tencent was not aware of any public exploit code for Magellan 2.0 or attacks in the wild exploiting the flaws. At the time of disclosing the flaws, the experts did not release details about them.

Vulnerabilities Timeline

  • 16 Nov 2019 Reported to Google and SQLite.
  • 16 Nov 2019 Vulnerabilities confirmed by Google.
  • 27 Nov 2019 Google and SQLite fixed vulnerabilities.
  • 27 Nov 2019 Tencent Blade Team provided a fuzzer to Google.
  • 11 Dec 2019 Google released the official Chrome version 79.0.3945.79.
  • 11 Dec 2019 CVE ID has been assigned as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753.

Pierluigi Paganini

(SecurityAffairs – Magellan 2.0, hacking)



Share On


Cyber360 News

Cyber360 News

Next Post
iPhones Are 167 Times More Prone To Hacking Than Other Brands: Study

iPhones Are 167 Times More Prone To Hacking Than Other Brands: Study

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In