Share now!

Actually 5 vulnerabilities that were baptized "Magellan 2.0"Is a set of attacks that can be performed using the SQLite function. Chrome uses this technology to manage data (as it is used on a given website). The error finders are researchers from the Tencent Blade Team who a year ago found a set of very similar threats related to Google Chrome. All these vulnerabilities are related to how the data input is validated by the built-in SQL Chrome database, and especially how its WebSQL API changes JavaScript code to SQL commands. At best, while exploiting these features, Google Chrome will simply hang around the world and then restart. In the worst case, however, it will give cybercriminals the opportunity to construct a SQL operation that is dangerous for the victim – then the cybercriminal will gain access to some functions of the web browser, including the remote execution of the desired code.

Read more: You'll feel safer with Chrome 79

Execution of remote code is the "Holy Grail" for cybercriminals who are looking for a method to take control of the victim's browser: then it will be possible to steal private data, passwords, and even substitute other websites instead of those that the victim actually wants to view. Just imagine, instead of a bank page, a website might appear to resemble a financial institution's web application – hence the easy way to steal your money. Tencent Blade Team, however, behaved as it should in such a situation: first of errors notified Google and provided detailed documentation to the browser manufacturer. Then, he checked if anyone was using these vulnerabilities to attack the victims.

  Google wants to care for Pixels like Apple for iPhones. What will come of it?
Facebook Comments