Tencent Blade exposes new vulnerabilities ‘Magellan 2.0’ in Google Chrome

30 Dec, 2019

Chinese security research firm Tencent Blade exposed new vulnerabilities in Google Chrome, which could have allowed attackers to run malicious code in the browser. The research firm stated that Chrome could be exploited with these vulnerabilities.

The Tencent team detected five vulnerabilities in SQLite and termed them ‘Magellan 2.0’. SQLite is a relational database management system that is embedded in the Chrome browser, across operating systems, and in mobile phones.

The team had found similar vulnerabilities in SQLite about a year ago, which it had termed ‘Magellan 1.0’.

The vulnerabilities were first made public in a tweet on December 24, where Tencent stated that they could result in “remote code execution via WebSQL, leaking program memory or (lead to) possible program crashes”.

However, within a couple of hours, Tencent put out another tweet stating that the bugs had been fixed: “SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too”.

The security research team added that there was no proof found of Magellan 2.0 being misused and no more details could be disclosed at the moment.

In another instance of a potential bug, many users of the latest version of Google Chrome -- Google Chrome 79 -- reported that their secondary profile names were being automatically changed to ‘Person 1’. Chrome 79 is still being rolled out and the bug is considered a big issue, as secondary profiles are usually used by families as additional browsers, each with an individual Google account linked and synced, along with a separate history. Secondary profiles also serve as a useful tool to manage personal and work accounts, reported 9to5Google, a California-based news portal.

“It’s not deleting any profiles or wiping their data -- simply renaming the profile to remove its personalised or Google-based name,” the report stated.