Exactly a year ago, a critical vulnerability in the SQLite database software was disclosed by the same team of experts that discovered billions of apps vulnerable to hacking. The WebSQL API converts JavaScript code into SQL commands, which are then executed against the SQLite database. The issue relates to a feature called the WebSQL API, which exposes Chrome users to remote attacks; it is disabled by design. It is instead embedded in the end system. The bugs in Magellan were triggered by improper validation of input in SQL commands sent from a third party to the SQLite database. The researchers did not release details about them at the time the vulnerability was announced. When the SQLite database engine reads the SQLite operation, an attacker can use a specially crafted SQL operation containing malicious code to run commands on the attacker's behalf. Google has patched five bugs in SQLite, called Magellan 2.0, that an attacker might abuse to execute malicious code within the Chrome web browser remotely. The flaws, tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752 and CVE-2019-13753, could lead to remote code execution or cause system memory to leak or crash. With the release of Google Chrome 79.0.3945.79, Google fixed the five Magellan 2.0 bugs. The bugs tracked as 'Magellan' can enable remote attackers to execute arbitrary code on compromised computers, leak program memory, or trigger application crashes. Engineers from the Tencent Blade Security Team found the bugs. With millions of systems and billions of deployments using SQLite, Magellan theoretically affects IoT systems, macOS and Windows as well. Google Chrome uses an internal SQLite database to store various browser settings and user data.
The good news is that Tencent was unaware of any public Magellan 2.0 exploit code or threats in the wild that abuse the bugs. Unlike many other database management systems, SQLite is not a client-server database engine. SQLite is a widely adopted relational database management system contained in a C library.
Vulnerability Timeline
16 Nov 2019: Vulnerability confirmed by Google.
11 Dec 2019: CVE IDs assigned as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753.
27 Nov 2019: Google and SQLite fixed the vulnerability.
27 Nov 2019: Tencent Blade Team provided a fuzzer to Google.
16 Nov 2019: Reported to Google and SQLite.
11 Dec 2019: Google released the official Chrome version 79.0.3945.79.