SQLite is a lightweight, popular disk-based relational database management system (RDBMS). It requires minimal support from operating systems or external libraries. Hence it is compatible with almost every platform, device and programming language.
Cybersecurity researchers have discovered a critical vulnerability in the SQLite database software that exposes billions of deployments to hackers.
The newly discovered SQLite flaw, dubbed 'Magellan' by Tencent's Blade security team, allows an attacker to execute arbitrary or malicious code on affected devices, leak program memory, or crash applications.
SQLite is used by millions of applications, including IoT devices, Windows, macOS, web browsers, Adobe software, Skype and more.
Popular browsers such as Google Chrome, Opera, Vivaldi and Brave also support the SQLite database, so a remote attacker can target users of affected browsers just by convincing them to visit a specially crafted web page.
The researchers said in a blog post, “After testing Chromium was also affected by this vulnerability, Google has confirmed and fixed this vulnerability”.
SQLite released version 3.26.0 to address the issue after receiving a responsible disclosure from the researchers.
Google has also released Chromium version 71.0.3578.80 to patch this issue and pushed the patched version to the Google Chrome and Brave web browsers.
Tencent researchers said they successfully built a proof-of-concept exploit using the Magellan vulnerability and successfully tested it against Google Home.
The researchers said, “We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible”.
Users are strongly advised to update their systems, browsers and other affected software to the latest release as soon as updates become available.
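To act on that advice, the following added example (not from the researchers or the SQLite project) compares version strings against the two fixed releases named above and also checks the SQLite library linked into the running Python interpreter. The host names and inventory rows are constructed sample data, and the function names are hypothetical.

```python
import re
import sqlite3

# Fixed releases named in the article.
FIXED = {
    "sqlite": (3, 26, 0),
    "chromium": (71, 0, 3578, 80),
}

def parse_version(text):
    """Turn '3.25.3' or 'Chromium 70.0.3538.110' into a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group().split("."))

def has_fix(product, version_text):
    """True if the version is at or above the fixed release for the product."""
    fixed = FIXED[product.lower()]
    found = parse_version(version_text)
    # Pad with zeros so that '3.26' compares equal to 3.26.0.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) >= pad(fixed)

def audit(inventory):
    """Return the (host, product, version) rows that predate the fixed release."""
    return [row for row in inventory if not has_fix(row[1], row[2])]

def linked_sqlite_has_fix():
    """Check the SQLite library this Python interpreter is linked against."""
    return has_fix("sqlite", sqlite3.sqlite_version)

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("build-01", "sqlite", "3.25.3"),
    ("kiosk-07", "chromium", "Chromium 70.0.3538.110"),
    ("laptop-12", "chromium", "71.0.3578.80"),
    ("edge-gw", "sqlite", "3.26"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} predates the fixed release")
    print("linked SQLite", sqlite3.sqlite_version, "has fix:", linked_sqlite_has_fix())
```

A version number alone does not show whether a vendor backported the fix into an older release, so treat flagged rows as items to verify with the vendor.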