Google Chrome gets hit with Magellan 2.0 bug

Cybersecurity researchers have discovered new vulnerabilities in Google Chrome because of which users are losing secondary profiles.

Cybersecurity researchers have found new vulnerabilities in Google Chrome that may allow attackers to remotely run malicious code inside the popular web browser.

The SQLite vulnerabilities – five in total and called “Magellan 2.0” have been disclosed by the Tencent Blade security team.

“SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too. We haven’t found any proof of wild abuse of Magellan 2.0 and will not disclose any details now,” tweeted the Chinese Tencent Blade Team.

“Magellan 2.0 on its way! Blade researcher @leonwxqian found another set of vulnerabilities in #SQLite which can result in remote code execution via WebSQL, leaking program memory or possible program crashes,” the team earlier tweeted.

All apps that use an SQLite database are vulnerable to Magellan 2.0.

However, the danger of a remote exploitation’ is smaller than the one in Chrome, where a feature called the ‘WebSQL API’ exposes Chrome users to remote attacks, by default,” ZDNet reported on Thursday.

The same Tencent Blade security team disclosed the original “Magellan SQLite” vulnerabilities in December 2018.

- Advertisement -

An attacker can craft an SQL operation that contains malicious code.

According to the Tencent team, the five Magellan 2.0 vulnerabilities were fixed in Google Chrome “79.0.3945.79” version.

Meanwhile, In the latest Google Chrome 79, several users have noticed that their secondary profiles are losing names and being called “Person 1” instead.

Secondary profiles act as a second browser, allowing families to have their Google accounts synced, separate history and more.

In Chrome 79, a bug is causing Google Chrome to rename those secondary profiles as “Person 1” and so on, reports 9to5Google.

Also Read:

“It’s not deleting any profiles or wiping their data, but simply renaming the profile to remove its personalized or Google-based name,” it added.

Tech giant Google issued warning of a data breach for users in India and globally after fixing another Chrome 79 bug and re-issuing it this week.

- Advertisement -

Alert pop-ups began emerging on laptops, desktops, and mobile screens, forcing users in India to read the warning that their passwords may have been stolen as part of a data leak.

“Change your password. A data breach on a site or app exposed your password. Chrome recommends changing your password for the site,” read the warning pop-up.

- Advertisement -

Related Articles