A new set of SQLite vulnerabilities affecting Chrome versions prior to 79.03945.79 has been uncovered by security researchers. It is dubbed as Magellan 2.0 and is a collection of five vulnerabilities.
What is the impact?
What are the vulnerabilities?
The vulnerabilities that make up the Magellan 2.0 are tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, and CVE-2019-13753.
Which devices are affected?
All apps that use an SQLite database are vulnerable to Magellan 2.0. The vulnerabilities also affect browsers that have WebSQL enabled and meet one of the following conditions:
How to resolve the issue?
The five Magellan 2.0 vulnerabilities have been fixed in Google Chrome 79.0.3945.79. The SQLite project has also fixed the bugs in a series of patches on December 13, 2019. However, these fixes have not been included in a stable SQLite version v3.30.1, released on December 10.