The vulnerability was discovered by Tencent Blade Team, the vulnerability has a wide range of impact as it affects the SQLite database management system that used by thousands of operating systems and software.
SQLite is a software library that provides a relational database management system. The lite in SQLite means light-weight in terms of setup, database administration, and required resource.
The remote code execution vulnerability dubbed Magellan allows a remote attacker to run a malicious code in a target machine or in a target process that leads to Remote code execution, leaking program memory or causing program crashes.
This SQLite bug can be triggered, if the victim explores a simple webpage in the browser that uses SQLite and the Web SQL API.
“According to Tencent Blade Team, if you use a device or software that uses SQLite or Chromium then you will be affected.”
Tencent test confirmed that SQLite bug exists with the Chromium, Google confirmed it and fixed the vulnerability with version 71.0.3578.80
We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible, reads the security advisory published by Tencent Blade Team.