Google Chrome impacted by new Magellan 2.0 vulnerabilities

erek · Dec 24, 2019

darn

"Nonetheless, a remote code execution (RCE) scenario is possible in Chrome, primarily due to the existence of the WebSQL API.

The five Magellan 2.0 vulnerabilities are tracked as CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752, and CVE-2019-13753. The original Magellan vulnerabilities are tracked as CVE-2018-20346, CVE-2018-20505, and CVE-2018-20506."

https://www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/

Grimlaking · Dec 24, 2019

Lets see how long it takes google to patch these.

Mega6 · Dec 24, 2019

Chrome used to be the "gold standard" for security but I have since gone to FireFox with security add ons (NoScript, https everywhere.. ect.)

pillagenburn · Dec 24, 2019

are chrome derivatives (i.e. brave, Opera etc) vulnerable to this also ? I'm assuming so.

Mega6 · Dec 24, 2019

pillagenburn said:
are chrome derivatives (i.e. brave, Opera etc) vulnerable to this also ? I'm assuming so.

Grabbing one of the CVE's only google chrome is listed.

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google Chrome impacted by new Magellan 2.0 vulnerabilities

erek

[H]F Junkie

Grimlaking

2[H]4U

Mega6

2[H]4U

pillagenburn

[H]ard|Gawd

Mega6

2[H]4U