Critical ‘Magellan’ Bug Hits Google Chrome, SQLite

Tencent‘s Blade security team said it has discovered a flaw in the SQLite database management system that could allow hackers to attack a wide range of software and devices, including browsers and devices based on Chromium.

“SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence,” Tencent said in an advisory.

“If you use a device or software that uses SQLite or Chromium, it will be affected.”

The bug, which Tencent researchers call “Magellan”, could allow hackers to execute malicious code on an affected system, and can be triggered when, for instance, the system visits a specially crafted web page, Tencent said.

Wide effect

Google’s Chromium is an open source project that forms the basis for the widely used Chrome browser, as well as a number of others.

Chromium is also used in Google Home smart speakers, and Tencent’s researchers said they had demonstrated the flaw on the devices.

Tencent said it would not disclose details of the bug or the exploit code it used for the time being, but was urging the vendors affected to issue patches.

Google confirmed the issue in Chromium and patched it in version 71.0.3578.80, while SQLite issued the fix in version 3.26.0.

However, third-party software and devices based on vulnerable software often take much longer to receive patches.

Aside from Chromium and Chrome, the Opera, Safari and Android Browser browsers all use SQLite.

The database is also widely used in middleware, in web application frameworks, in software such as Skype and Evernote, in operating systems including macOS, iOS, Android, Windows 10 and Tizen, and even in BMW’s iDrive satellite navigation system.

Tencent said it hasn’t yet seen any signs that Magellan is being actively exploited.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

9 hours ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

13 hours ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

14 hours ago

Apple Working To Patch Safari Data Leak Vulnerability

Oh dear, not so private. Webkit browser engine flaw has been leaking user ID and…

15 hours ago

EU Chief Confirms Chip Law Proposal For Early February

Chip shortage solution? European Commission boss says the European Chips Act legislation will be proposed…

16 hours ago