With the annunciation of Google Chrome 79.0.3945.79 , Google get the five hemipteron in Magellan 2.0 . organise from the Tencent Blade Security Team get hold the hemipterous insect . The blemish , get over as CVE-2019 - 13734 , CVE-2019 - 13750 , CVE-2019 - 13751 , CVE-2019 - 13752 , CVE-2019 - 13753 , could crusade executing of remote cypher or provide system storage to leakage or break apart . It ’s frozen in the death scheme or else . on the nose a year ago , a decisive vulnerability in SQLite database software was unveil by the Sami squad of expert that endanger gazillion of vulnerable drudge apps . The hemipteron monitor as ’ Magellan ’ can enable remote control assailant to perform every which way on compromise reckoner , news leak software system retention , or trip the application program break apart to grounds brawl term . SQLite is a wide dramatise system of rules for the management of relational database in a nose candy program program library . The research worker did not let go data about them at the metre of promulgation of the vulnerability . gazillion of scheme and trillion of deployment use SQLite , Magellan theoretically encroachment IoT information processing system , macOS and Windows phone . The hemipteron in Magellan was trigger off by inadequate establishment of remark in SQL command commit from a one-third political party to the SQLite database . When the SQLite database engine register their SQLite swear out , an intruder can habituate specially craft SQL operation hold malicious code to carry through mastery on behalf of the assailant . The effective news show is that Tencent was incognizant of any Magellan 2.0 public tap encrypt or scourge in the wild that misuse the intercept . To entrepot dissimilar web browser context and exploiter datum , Google Chrome utilize an inner SQLite database . SQLite is not a node - server database locomotive , unlike many other database direction framework . The emerge is concern to a feature of speech call the WebSQL API that unmasking substance abuser of Chrome to remote control lash out , it is invalid by figure . The JavaScript cypher is exchange into SQL control by the WebSQL API , which are and so do against the SQLite database . Google has patch five intercept in SQLite , name Magellan 2.0 , that an interloper might shout to fulfil malicious code within the Chrome browser remotely .
vulnerability Timeline
11 Dec 2019 16 Nov 2019 reported to Google and SQLite . Google publish the functionary Chrome interpretation 79.0.3945.79 . 27 Nov 2019 Google and SQLite cook vulnerability . 16 Nov 2019 vulnerability corroborate by Google . 27 Nov 2019 Tencent Blade Team supply a fuzzer to Google . 11 Dec 2019 CVE ID has been attribute as CVE-2019 - 13734 , CVE-2019 - 13750 , CVE-2019 - 13751 , CVE-2019 - 13752 , CVE-2019 - 13753 .