Tencent‘s Blade security team said it has discovered a flaw in the SQLite database management system that could allow hackers to attack a wide range of software and devices, including browsers and devices based on Chromium.
“SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence,” Tencent said in an advisory.
“If you use a device or software that uses SQLite or Chromium, it will be affected.”
The bug, which Tencent researchers call “Magellan”, could allow hackers to execute malicious code on an affected system, and can be triggered when, for instance, the system visits a specially crafted web page, Tencent said.
Google’s Chromium is an open source project that forms the basis for the widely used Chrome browser, as well as a number of others.
Chromium is also used in Google Home smart speakers, and Tencent’s researchers said they had demonstrated the flaw on the devices.
Tencent said it would not disclose details of the bug or the exploit code it used for the time being, but was urging the vendors affected to issue patches.
Google confirmed the issue in Chromium and patched it in version 71.0.3578.80, while SQLite issued the fix in version 3.26.0.
However, third-party software and devices based on vulnerable software often take much longer to receive patches.
Aside from Chromium and Chrome, the Opera, Safari and Android Browser browsers all use SQLite.
The database is also widely used in middleware, in web application frameworks, in software such as Skype and Evernote, in operating systems including macOS, iOS, Android, Windows 10 and Tizen, and even in BMW’s iDrive satellite navigation system.
Tencent said it hasn’t yet seen any signs that Magellan is being actively exploited.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…