Critical ‘Magellan’ Bug Hits Google Chrome, SQLite

Tencent‘s Blade security team said it has discovered a flaw in the SQLite database management system that could allow hackers to attack a wide range of software and devices, including browsers and devices based on Chromium.

“SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence,” Tencent said in an advisory.

“If you use a device or software that uses SQLite or Chromium, it will be affected.”

The bug, which Tencent researchers call “Magellan”, could allow hackers to execute malicious code on an affected system, and can be triggered when, for instance, the system visits a specially crafted web page, Tencent said.

Wide effect

Google’s Chromium is an open source project that forms the basis for the widely used Chrome browser, as well as a number of others.

Chromium is also used in Google Home smart speakers, and Tencent’s researchers said they had demonstrated the flaw on the devices.

Tencent said it would not disclose details of the bug or the exploit code it used for the time being, but was urging the vendors affected to issue patches.

Google confirmed the issue in Chromium and patched it in version 71.0.3578.80, while SQLite issued the fix in version 3.26.0.

However, third-party software and devices based on vulnerable software often take much longer to receive patches.

Aside from Chromium and Chrome, the Opera, Safari and Android Browser browsers all use SQLite.

The database is also widely used in middleware, in web application frameworks, in software such as Skype and Evernote, in operating systems including macOS, iOS, Android, Windows 10 and Tizen, and even in BMW’s iDrive satellite navigation system.

Tencent said it hasn’t yet seen any signs that Magellan is being actively exploited.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago