Google has patch five hemipteron in SQLite , send for Magellan 2.0 , that an interloper might misuse to accomplish malicious encrypt within the Chrome web browser remotely . organise from the Tencent Blade Security Team see the hemipteran . The subject is connect to a boast shout out the WebSQL API that break user of Chrome to remote control assail , it is disable by excogitation . The JavaScript inscribe is converted into SQL statement by the WebSQL API , which are so perform against the SQLite database . precisely a yr agone , a vital vulnerability in SQLite database software was disclose by the same team of expert that exposed trillion of vulnerable hack apps . The intercept supervise as ’ Magellan ’ can enable distant attacker to fulfill arbitrarily on compromise estimator , wetting software memory , or trigger off the coating barge in to grounds answer condition . SQLite is a wide espouse organization for the management of relational database in a c programming program library . SQLite is not a guest - host database engine , unlike many other database management model . It ’s take root in the destruction scheme alternatively . meg of organisation and zillion of deployment practice SQLite , Magellan theoretically shock IoT calculator , macOS and Windows telephone set . The microbe in Magellan was trigger off by poor validation of stimulant in SQL require transport from a third gear political party to the SQLite database . When the SQLite database railway locomotive say their SQLite physical process , an trespasser can usage especially craft SQL surgery bear malicious computer code to execute command on behalf of the aggressor . The blemish , pass over as CVE-2019 - 13734 , CVE-2019 - 13750 , CVE-2019 - 13751 , CVE-2019 - 13752 , CVE-2019 - 13753 , could causal agent execution of outside encipher or allow for scheme retentiveness to leakage or barge in . To hive away unlike web browser place setting and user data point , Google Chrome apply an interior SQLite database . With the annunciation of Google Chrome 79.0.3945.79 , Google desex the five germ in Magellan 2.0 . The just news show is that Tencent was unaware of any Magellan 2.0 world exploit encrypt or terror in the barbaric that vilification the hemipteran . The researcher did not loss entropy about them at the sentence of announcement of the exposure .

# # vulnerability timeline

16 Nov 2019 cover to Google and SQLite . 16 Nov 2019 vulnerability substantiate by Google . 27 Nov 2019 Google and SQLite posit exposure . 27 Nov 2019 Tencent Blade Team allow a fuzzer to Google . 11 Dec 2019 Google unblock the prescribed Chrome rendering 79.0.3945.79 . 11 Dec 2019 CVE ID has been arrogate as CVE-2019 - 13734 , CVE-2019 - 13750 , CVE-2019 - 13751 , CVE-2019 - 13752 , CVE-2019 - 13753 .