Recently, Tencent blade security team discovered a set of SQLite vulnerability called "Magellan 2.0" and allows hackers to remotely run malicious programs on the Chrome browser. This group had five holes, numbered CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752 and CVE-2019-13753. Use SQLite database for all applications will be affected Magellan 2.0 vulnerabilities.
Magellan 2.0 is SQLite loopholes that exist (formerly: Magellan 1.0). The vulnerability has been found Tencent Blades team, and is certified to use remote code execution in the Chromium rendering. As a well-known database, SQLite is widely used in all major operating systems and modern software, so this vulnerability have a broad impact. SQLite and Google have been identified and fixed these vulnerabilities. We will not disclose any details this vulnerability, and we are urging other vendors fix this vulnerability as soon as possible.
According to Tencent blade security team's official blog post, in addition to all other than Chromium browser and Google Home-based intelligent speaker device, including Apple's iPhone, iPad, MacBook, iMac, Apple Watch and Apple TV, including many popular products include also affected.
Currently, Tencent blade team has partnered with Google, Apple, Facebook, Microsoft and SQLite official security team, to promote the progress of bug fixes. Meanwhile, Tencent blade team also remind users to pay attention to system and software update notifications. SQLite is necessary to upgrade to the latest version 3.26.0.
Last week released Google Chrome 71 also fixes the vulnerability. Chromium-based browsers, such as Vivaldi and Brave using the latest version of Chromium. However, Opera is still running an older version of Chromium, and will still be affected.