Researchers have disclosed five recently-patched vulnerabilities in the Google Chrome browser that could be exploited by an attacker to remotely execute code.
The vulnerabilities, dubbed Magellan 2.0 by the Tencent Blade team of researchers who discovered them, exist in the SQLite database management system. SQLite is a lightweight, self-contained database engine utilized widely in browsers, operating systems and mobile phones.
Researchers said that they were able to successfully exploit the Chrome browser leveraging the five vulnerabilities: CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, CVE-2019-13753. According to their CVE Mitre descriptions, the vulnerabilities could be exploited remotely via a crafted HTML page to launch an array of malicious attacks – allowing attackers to do anything from “bypass defense-in-depth measures” to “obtain potentially sensitive information from process memory.”
Due to “responsible vulnerability disclosure process,” researchers said they are not disclosing further details of the vulnerability “90 days after the vulnerability report.”
The flaw was reported to Google and SQLite on Nov. 16, 2019; on Dec. 11, 2019, Google released the official fixed Chrome version: 79.0.3945.79. Chrome/Chromium browsers prior to version 79.0.3945.79 with WebSQL enabled may be affected, researchers said.
“We have reported all the details of the vulnerability to Google and they have fixed vulnerabilities,” said researchers. “If your product uses Chromium, please update to the official stable version 79.0.3945.79. If your product uses SQLite, please update to the newest code commit.”
Researchers said that they have not yet seen Magellan 2.0 exploited in the wild.
Magellan 2.0 builds on previously-disclosed Magellan flaws, a set of three heap buffer overflow and heap data disclosure vulnerabilities in SQLite (CVE-2018-20346, CVE-2018-20505 CVE-2018-20506). These flaws, discovered in 2018, impact a large number of browsers, IoT devices and smartphones that use the open source Chromium engine.