Researchers have disclosed five recently-patched vulnerabilities in the Google Chrome browser that could be exploited by an attacker to remotely execute code.
The vulnerabilities, dubbed Magellan 2.0 by the Tencent Blade team of researchers who discovered them, exist in the SQLite database management system. SQLite is a lightweight, self-contained database engine utilized widely in browsers, operating systems and mobile phones.
Researchers said that they were able to successfully exploit the Chrome browser leveraging the five vulnerabilities: CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752 and CVE-2019-13753. According to their MITRE CVE descriptions, the vulnerabilities could be exploited remotely via a crafted HTML page to launch an array of malicious attacks, allowing attackers to do anything from “bypass defense-in-depth measures” to “obtain potentially sensitive information from process memory.”
“Magellan means a group of vulnerabilities we have reported recently,” said Tencent researchers in an advisory this week. “If you are using software that uses SQLite as a component (without the latest patch), and it supports external SQL queries… Or, you are using Chrome that is prior to 79.0.3945.79 and it has WebSQL enabled, you may be affected.”
Citing the “responsible vulnerability disclosure process,” researchers said they are not disclosing further details of the vulnerabilities until “90 days after the vulnerability report.”
The flaw was reported to Google and SQLite on Nov. 16, 2019; on Dec. 11, 2019, Google released the official fixed Chrome version: 79.0.3945.79. Chrome/Chromium browsers prior to version 79.0.3945.79 with WebSQL enabled may be affected, researchers said.
“We have reported all the details of the vulnerability to Google and they have fixed the vulnerabilities,” said researchers. “If your product uses Chromium, please update to the official stable version 79.0.3945.79. If your product uses SQLite, please update to the newest code commit.”
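The affected-version rule quoted above (Chrome/Chromium older than 79.0.3945.79 with WebSQL enabled) is the kind of thing a defender ends up checking across a fleet inventory. The following is an added example, not code from the article or from Tencent Blade; the only facts it takes from the page are the fixed build number and the WebSQL condition. The inventory records, hostnames and version strings in it are constructed for illustration. It shows the one pitfall such a check commonly has: dotted build numbers must be compared numerically, not as strings.

```python
"""Flag Chrome/Chromium installs older than the Magellan 2.0 fixed release.

Added example (not from the article or the Tencent Blade advisory). The fixed
version and the WebSQL condition come from the article; everything else,
including the inventory below, is constructed for the example.
"""
from typing import List, NamedTuple, Tuple

FIXED_VERSION = "79.0.3945.79"  # fixed Chrome stable build named in the article


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted Chrome version into integers so comparison is numeric.

    Comparing the raw strings is the classic mistake: "79.0.3945.8" sorts
    after "79.0.3945.79" lexicographically even though it is the older build.
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, websql_enabled: bool) -> bool:
    """Affected per the advisory: older than the fixed build AND WebSQL enabled."""
    return parse_version(version) < parse_version(FIXED_VERSION) and websql_enabled


class Host(NamedTuple):
    name: str
    chrome_version: str
    websql_enabled: bool


# Constructed inventory; hostnames and versions are made up for the example.
INVENTORY: List[Host] = [
    Host("laptop-01", "78.0.3904.108", True),
    Host("laptop-02", "79.0.3945.79", True),    # exactly the fixed build: not affected
    Host("kiosk-03", "79.0.3945.8", True),      # older, but a string compare would miss it
    Host("build-04", "77.0.3865.120", False),   # old, but WebSQL disabled: not affected
]


def find_affected(hosts: List[Host]) -> List[str]:
    """Return the names of hosts that still need the update."""
    return [h.name for h in hosts if is_affected(h.chrome_version, h.websql_enabled)]


if __name__ == "__main__":
    for name in find_affected(INVENTORY):
        print(f"{name}: update Chrome to {FIXED_VERSION} or later")
```

The WebSQL flag is taken as a given input here because how it is read differs by platform and management tooling; the version comparison is the part that is the same everywhere.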
No need to worry: SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too. We haven't found any proof of wild abuse of Magellan 2.0 and will not disclose any details now. Feel free to contact us if you had any technical questions! https://t.co/3hUro9URWf
— Tencent Blade Team (@tencent_blade) December 24, 2019
Researchers said that they have not yet seen Magellan 2.0 exploited in the wild.
Magellan 2.0 builds on the previously-disclosed Magellan flaws, a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite (CVE-2018-20346, CVE-2018-20505 and CVE-2018-20506). These flaws, discovered in 2018, impact a large number of browsers, IoT devices and smartphones that use the open-source Chromium engine.