Google Chrome Infested with Magellan 2.0 Alters Users Secondary Profiles
Separator

Google Chrome Infested with Magellan 2.0 Alters Users Secondary Profiles

Separator
Google Chrome Infested with Magellan 2.0 Alters Users Secondary Profiles

CEO Insights team , IANS

Cyber security researchers reveal new vulnerabilities in Google Chrome that may allow attackers to remotely run malicious code inside the browser. These SQLite vulnerabilities, five in total called Magellan 2.0 are capable of remote code execution via WebSQ that may result into leaking programme memory or possible programme crashes. An attacker can easily craft an SQL operation that contains such malicious code.

This revelation has been made by the same Tencent Blade security team that had previously disclosed the original "Magellan SQLite" vulnerabilities in December 2018. According to the team, these vulnerabilities were fixed in Google Chrome "79.0.3945.79" version. Meanwhile, in the latest Google Chrome 79, several users have noticed that their secondary profiles are losing names and being called "Person 1" instead. Secondary profiles act like a second browser, allowing families to have their Google accounts synced, separate history and more.

Commenting on this discovery, Tencent Blade Team, China, says, “ SQLite and Google have already confirmed

It's not deleting any profiles or wiping their data but simply renaming the profile to remove its personalized or Google-based name



and fixed it and we are helping other vendors through it too. We haven't found any proof of wild abuse of Magellan 2.0 and will not disclose any details now.”

“All apps that use an SQLite database are vulnerable to Magellan 2.0. However, the danger of aremote exploitation is smaller than the one in Chrome, where a feature called the `WebSQL API exposes Chrome users to remote attacks by default,” reports ZDNet.

“It's not deleting any profiles or wiping their data, but simply renaming the profile to remove its personalized or Google-based name,” reports 9to5Google.

Tech giant Google issued warning of data breach for users globally after fixing another Chrome 79 bug and re-issuing it this week, as alert pop-ups began emerging on laptops, desktops and mobile screens, forcing users in India to read the warning that their passwords may have been stolen as part of a data leak.

"Change your password. A data breach on a site or app exposed your password. Chrome recommends changing your password for the site," reads the warning pop-up.
Source : IANS