Google Chrome is today the most used browser by users. It is present in most platforms and systems. This means that when a vulnerability appears it can affect a large number of Internet users. Today we echo Magellan 2.0 , a series of vulnerabilities that put Google’s browser at risk. It is a set of SQLite vulnerabilities that can allow attackers to remotely execute malicious code inside the browser.
Magellan 2.0, the latest threat to Google Chrome
This set of vulnerabilities in total is five. They have been called Magellan 2.0 and affect the most popular browser today that is Google Chrome. Of course, it should be mentioned that all applications that use SQLite database can be vulnerable to Magellan 2.0. However, the real danger of remote exploitation is less than in the case of the browser.
In the case of Chrome it is more dangerous and therefore more vulnerable to this problem since there is a feature called WebSQL API that exposes users to remote attacks.
Vulnerabilities that were called Magellan SQLite appeared last year, hence the name of Magellan 2.0 now appears. In this case the new variations are caused by an incorrect input validation in the SQL commands that the SQLite database receives from a third party.
This means that a hypothetical attacker can create an SQL operation that contains malicious code. When the SQLite database engine reads this SQLite operation, it can execute commands on behalf of the attacker.
As we have indicated, all applications that use an SQLite database to store data are vulnerable. However, to be really exploitable, the application must accept the direct entry of raw SQL commands , something that not many applications allow.
Google Chrome uses an SQL database, so it is vulnerable to this problem. Chrome includes WebSQL , an API that translates JavaScript code into SQL commands. These commands are subsequently executed in the SQLite database of the browser.
For example, a malicious website could use Magellan 2.0 vulnerabilities to execute malicious code on visitors.
How to avoid being a victim of these vulnerabilities
Luckily, users do not run a real danger due to Magellan 2.0 vulnerabilities. Of course, we will be safe as long as we have updated the browser correctly. Chrome was informed of the problem and released patches to correct these bugs that put its users at risk. Specifically they were solved with the latest version Google Chrome 79.0.3945.79 .
Once again the importance of always having browsers updated correctly is demonstrated. In this case these are vulnerabilities that can put Chrome users at risk , but there may be security flaws in any other program or system.
It is necessary to always keep systems and applications correctly updated . Only in this way will we really prevent the entry of threats that put our equipment at risk.