Google Chrome Again Hit By Serious Security Flaws; Fixed

Google’s web browser Chrome has been hit by serious security vulnerabilities again. The bugs allow attackers to access the web browser remotely and run malicious code inside it. The flaws are collectively known as Magellan 2.0, a set of five vulnerabilities. All of them are related to how data input is processed and validated by the web browser’s built-in SQL function. The latest flaws were discovered by the Tencent Blade security team. Just a year ago, the same team had discovered a set of issues similar to the Magellan 2.0 vulnerabilities. The Tencent Blade Team was founded in 2017 by Tencent Security Platform. Its research areas include IoT Security, AI Security, Mobile Security, and others.

The Tencent Blade Team said they didn’t find any evidence of attacks in the wild. But they said these vulnerabilities could have resulted in sudden crashing of the Chrome browser. Through remote code execution, attackers may have been able to set up a SQL operation and hijack some part of the browser’s functions. The Chinese security company’s team reported the vulnerabilities to Google and SQLite. Both Google and SQLite confirmed the flaws, which have now been fixed in the latest version of Chrome. The company said users on an older version of the browser are still vulnerable to the flaws and recommended updating the browser.

The Tencent Blade Team said that, besides Chrome, all apps that used the SQLite database were vulnerable to attacks. It promised to release more details about the Magellan 2.0 vulnerabilities in the coming days. Meanwhile, several Google Chrome 79 users have reported that their secondary profiles are being renamed to Person 1. It is believed that a bug is renaming the secondary profiles in the popular web browser. Google has issued a warning of a data breach and promised to fix it at the earliest. Earlier this month, Google had fixed a zero-day vulnerability in the web browser. It was first reported by Russia’s cyber-security firm Kaspersky.