Critical ‘Magellan’ Bug Hits Google Chrome, SQLite

Tencent’s Blade security team said it has discovered a flaw in the SQLite database management system that could allow hackers to attack a wide range of software and devices, including browsers and devices based on Chromium.

“SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence,” Tencent said in an advisory.

“If you use a device or software that uses SQLite or Chromium, it will be affected.”

The bug, which Tencent researchers call “Magellan”, could allow hackers to execute malicious code on an affected system, and can be triggered when, for instance, the system visits a specially crafted web page, Tencent said.

Wide effect

Google’s Chromium is an open source project that forms the basis for the widely used Chrome browser, as well as a number of others.

Chromium is also used in Google Home smart speakers, and Tencent’s researchers said they had demonstrated the flaw on the devices.

Tencent said it would not disclose details of the bug or the exploit code it used for the time being, but was urging the vendors affected to issue patches.

Google confirmed the issue in Chromium and patched it in version 71.0.3578.80, while SQLite issued the fix in version 3.26.0.

However, third-party software and devices based on vulnerable software often take much longer to receive patches.
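As an added illustration (not code from the article or from Tencent), the following Python sketch audits an inventory against the two fixed releases named above: it flags hosts whose User-Agent reports a Chromium build older than 71.0.3578.80 and checks a SQLite version string against 3.26.0. The host names and User-Agent lines are constructed sample data, and it assumes the `Chrome/` token reflects the underlying Chromium build; a self-reported header is an inventory hint, not proof of patch state.

```python
import re
import sqlite3

# Fixed releases as stated in the article.
FIXED_CHROMIUM = (71, 0, 3578, 80)
FIXED_SQLITE = (3, 26, 0)

# Chromium-based browsers carry a Chrome/ or Chromium/ token in the User-Agent.
CHROME_TOKEN = re.compile(r"\bChrom(?:e|ium)/(\d+(?:\.\d+){1,3})")

def parse_version(text, width):
    """Turn '70.0.3538.110' into an int tuple, zero-padded or cut to `width` parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))[:width]

def sqlite_is_fixed(version_text):
    """Numeric compare: as plain strings, '3.8' would wrongly sort after '3.26.0'."""
    return parse_version(version_text, 3) >= FIXED_SQLITE

def chromium_version_from_ua(user_agent):
    """Return the Chromium version tuple from a User-Agent, or None if absent."""
    m = CHROME_TOKEN.search(user_agent)
    return parse_version(m.group(1), 4) if m else None

def audit_user_agents(records):
    """records: (host, user_agent) pairs. Returns {host: version} for pre-fix builds."""
    stale = {}
    for host, ua in records:
        ver = chromium_version_from_ua(ua)
        if ver is not None and ver < FIXED_CHROMIUM:
            stale[host] = ".".join(map(str, ver))
    return stale

# Constructed sample inventory (hypothetical hosts and User-Agent strings).
SAMPLE = [
    ("ws-01", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"),
    ("ws-02", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36"),
    ("ws-03", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/57.0.3098.76"),
    ("ws-04", "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"),
]

if __name__ == "__main__":
    print("pre-fix Chromium builds:", audit_user_agents(SAMPLE))
    print("runtime SQLite", sqlite3.sqlite_version, "fixed:", sqlite_is_fixed(sqlite3.sqlite_version))
```

The SQLite check only covers the copy linked into the Python runtime; applications that bundle their own SQLite need their vendor's release notes or a separate inventory.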

Aside from Chromium and Chrome, the Opera, Safari and Android Browser browsers all use SQLite.

The database is also widely used in middleware, in web application frameworks, in software such as Skype and Evernote, in operating systems including macOS, iOS, Android, Windows 10 and Tizen, and even in BMW’s iDrive satellite navigation system.

Tencent said it hasn’t yet seen any signs that Magellan is being actively exploited.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
