SQLite bug impacts thousands of apps, including all Chromium-based browsers
#1
Quote:A security vulnerability in the massively popular SQLite database engine puts thousands of desktop and mobile applications at risk.

Discovered by Tencent's Blade security team, the vulnerability allows an attacker to run malicious code on the victim's computer, and in less dangerous situations, leak program memory or cause program crashes.

Because SQLite is embedded in thousands of apps, the vulnerability impacts a wide range of software, from IoT devices to desktop software, and from web browsers to Android and iOS apps.

The bad news, according to Tencent Blade researchers, is that this vulnerability can also be exploited remotely by accessing something as simple as a web page, if the underlying browser support SQLite and the Web SQL API that translates the exploit code into regular SQL syntax.

Firefox and Edge don't support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected.

Tencent Blade researchers said they reported this issue to the SQLite team earlier this fall. A fix was shipped out on December 1, with the release of SQLite 3.26.0. The fix was also ported inside Chromium, and later in Google Chrome 71, released last week.

Source: https://www.zdnet.com/article/sqlite-bug...-browsers/
[-] The following 1 user says Thank You to silversurfer for this post:
  â€˘ harlan4096
Reply


Messages In This Thread
SQLite bug impacts thousands of apps, including all Chromium-based browsers - by silversurfer - 15 December 18, 09:52

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
zevish's profile zevish

>