Another serious security flaw has been found in the popular Google Chrome Internet browser.
Known as Magellan 2.0, it is actually a set of five vulnerabilities relating to how Chrome uses the SQLite function to work with data.
Discovered by researchers at the Tencent Blade Team, the Magellan 2.0 vulnerabilities come just after a year since the same team discovered a similar set of issues within the Chrome browser.
SQLite flaws
These vulnerabilities all relate to how data input is validated by Chrome's built in SQL database, specially the way its WebSQL API changes JavaScript code into SQL commands.
At best any of these five vulnerabilities could have resulted in the Chrome browser crashing. At worst, the researchers claim the vulnerabilities could have allowed an attacker to set up a SQL operation to hijack some part of the browser functions, through remote code execution.
However, there's no need to panic as Tencent Blade have already notified Google and SQLite of the vulnerabilities, and these have been patched in the latest version of the Google Chrome browser.
Additionally, the Tencent Blade Team announced that they haven't detected any exploitation of the reported vulnerabilities against general internet users.
Known as Magellan 2.0, it is actually a set of five vulnerabilities relating to how Chrome uses the SQLite function to work with data.
Discovered by researchers at the Tencent Blade Team, the Magellan 2.0 vulnerabilities come just after a year since the same team discovered a similar set of issues within the Chrome browser.
SQLite flaws
These vulnerabilities all relate to how data input is validated by Chrome's built in SQL database, specially the way its WebSQL API changes JavaScript code into SQL commands.
At best any of these five vulnerabilities could have resulted in the Chrome browser crashing. At worst, the researchers claim the vulnerabilities could have allowed an attacker to set up a SQL operation to hijack some part of the browser functions, through remote code execution.
However, there's no need to panic as Tencent Blade have already notified Google and SQLite of the vulnerabilities, and these have been patched in the latest version of the Google Chrome browser.
Additionally, the Tencent Blade Team announced that they haven't detected any exploitation of the reported vulnerabilities against general internet users.
0 comments:
Post a Comment