Tencent security researcher sits on Google Chrome’s new Magellan 2.0 vulnerability. The researchers found five vulnerabilities in SQLite, collectively known as Magellan 2.0, that allowed an attacker to run malicious code remotely within Google Chrome. Google and SQLite have officially confirmed and fixed the vulnerability.
Users may be affected if they use an older version of SQLite before December 13, 2019, or a device that runs below Chrome 79.0.3945.79 and has WebSQL enabled. Similar to Magellan 1.0, this new set of vulnerabilities is caused by incorrect validation of SQL command input from the SQLite database from third parties. An attacker could create an SQL action command that contains malicious code that executes malicious code when the SQLite database engine reads the instruction.