Google Chrome was found to contain a new set of SQLite vulnerabilities that could let attackers remotely run malicious code inside the web browser.
A total of five vulnerabilities, collectively named "Magellan 2.0," were disclosed by the Tencent Blade security team.
All apps that use an SQLite database are affected by Magellan 2.0, but the risk of remote exploitation is lower than in Chrome, where the WebSQL API, enabled by default, lets a web page send SQL to the browser's SQLite engine and so exposes Chrome users to remote attacks.
The original Magellan SQLite vulnerabilities were revealed by the same Tencent Blade team a year earlier, in December 2018.
Like the original Magellan bugs, the new variants are caused by improper input validation in SQL commands that the SQLite engine receives from a third party.
An attacker can craft a SQL operation containing malicious code; when the SQLite engine processes that operation, it can execute commands on the attacker's behalf.
According to a security advisory published by the Tencent Blade team, the Magellan 2.0 flaws can lead to “remote code execution, leaking program memory or causing program crashes.”
The danger of remote attacks is especially relevant to Google Chrome, which also uses an internal SQLite database to store various browser settings and user data.
A malicious website could use the Magellan 2.0 vulnerabilities to run malicious code in the Chrome browsers of its visitors.
The five Magellan 2.0 vulnerabilities were fixed in Google Chrome 79.0.3945.79, which was released two weeks ago, on December 10, 2019.
The SQLite project also fixed the bugs in a series of patches on December 13, 2019. At the time of writing, these fixes had not yet shipped in a stable SQLite release; the latest stable version remained v3.30.1, released on October 10, 2019.
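Because the article says every app using SQLite is affected, not just Chrome, the practical first step is to find out which SQLite engine and which Chrome build you are actually running. The following Python script is an added example, not code from the article, Tencent Blade, the SQLite project or Google: it compares a Chrome version string against the fixed build 79.0.3945.79, compares a reported SQLite library version against 3.30.1 (the last stable release without the December 13, 2019 patches), and asks the SQLite engine linked into the running process for its own version. The version constants are taken from the article; the function names and the zero-padding rule for short version strings are this example's own choices.

```python
import re
import sqlite3

# Fixed/unfixed versions as reported in the article (assumed accurate as stated there).
CHROME_FIXED = (79, 0, 3945, 79)            # first Chrome build carrying the Magellan 2.0 fixes
SQLITE_LAST_UNPATCHED_STABLE = (3, 30, 1)   # stable SQLite at the time; 2019-12-13 patches not included

_VERSION_RE = re.compile(r"\s*v?(\d+(?:\.\d+)*)\s*")


def parse_version(text):
    """'79.0.3945.79' -> (79, 0, 3945, 79); raises ValueError on anything else."""
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def compare(a, b):
    """Three-way compare of version tuples; the shorter tuple is zero-padded so 3.31 == 3.31.0."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def chrome_needs_update(version_text):
    """True when the reported Chrome build is older than 79.0.3945.79."""
    return compare(parse_version(version_text), CHROME_FIXED) < 0


def sqlite_predates_fix(version_text):
    """True when the reported SQLite library is 3.30.1 or older, i.e. a stable
    release cut before the 2019-12-13 patches. A vendor backport can carry the
    fixes and still report 3.30.1, so True means 'inspect the build', not 'vulnerable'."""
    return compare(parse_version(version_text), SQLITE_LAST_UNPATCHED_STABLE) <= 0


def linked_sqlite_version(conn=None):
    """Ask the engine itself. This reports the library the process actually links,
    which is what an application audit needs; the Python module's own version is irrelevant.
    Works against any open connection, so an app can run it on its real database."""
    own = conn is None
    if own:
        conn = sqlite3.connect(":memory:")
    try:
        (reported,) = conn.execute("SELECT sqlite_version()").fetchone()
    finally:
        if own:
            conn.close()
    return reported


def triage(chrome_version=None, conn=None):
    """Summarise both checks. chrome_version is optional because the SQLite
    check applies to any app, not only the browser."""
    sqlite_ver = linked_sqlite_version(conn)
    result = {
        "sqlite_version": sqlite_ver,
        "sqlite_predates_fix": sqlite_predates_fix(sqlite_ver),
    }
    if chrome_version is not None:
        result["chrome_version"] = chrome_version
        result["chrome_needs_update"] = chrome_needs_update(chrome_version)
    return result


if __name__ == "__main__":
    # Constructed sample inputs: one pre-fix Chrome build and the fixed build.
    for v in ("78.0.3904.108", "79.0.3945.79"):
        print(v, "needs update:", chrome_needs_update(v))
    print(triage(chrome_version="79.0.3945.79"))
```

`SELECT sqlite_version()` (and `sqlite3.sqlite_version`, which reads the same library) is the check to run inside the application, since a process can link a different SQLite from the one the OS package manager reports. A version at or below 3.30.1 is a prompt to confirm whether your build was patched from the SQLite trunk after December 13, 2019, not a finding on its own.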
However, there is no evidence of any public exploit code or attacks targeting the Magellan 2.0 vulnerabilities. Tencent Blade plans to release more details about the bugs in the coming months.
The five Magellan 2.0 vulnerabilities are tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, and CVE-2019-13753. The original Magellan vulnerabilities are tracked as CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506.