3/6/2023

Sqlite browser for chrome

SQLite Reader is a web application to open and manipulate SQLite databases without having a native tool on your operating system. Since the database is loaded in memory, it is usually even faster to retrieve or insert data. This app can load SQLite databases from your local disk or from a server (if the loading fails due to cross-origin access, you need to download the database to the disk and then load it from there). This app can even create a blank database in your browser's memory or load a sample database for testing purposes. Note that this web application works completely offline, which means that your database binary is not sent to any external server whatsoever. This application loads the SQL.js library and parses the SQLite databases locally using only JavaScript. You can even disconnect from the internet once the SQL.js library is fully fetched.

One year and one week after the disclosure of the Magellan series of vulnerabilities in 2018, Magellan 2.0 is disclosed, bringing five new vulnerabilities with it.

On December 23, 2019, the Tencent Blade Team published an advisory regarding “Magellan 2.0,” a new set of SQLite vulnerabilities discovered by researcher Wenxiang Qian that differ from the original Magellan vulnerabilities disclosed last year. Information relating to Magellan 2.0 at present is limited to what has been disclosed in the advisory and the assignment of CVE IDs CVE-2019-13734, CVE-2019-13750, CVE-2019-13751, CVE-2019-13752 and CVE-2019-13753 on December 10, 2019.

The Tencent Blade Team states that the impact of these vulnerabilities includes the leaking of program memory, causing program crashes and remote code execution. The vulnerability in SQLite occurs when the SQLite database is passed a maliciously crafted SQL command that it executes on behalf of the attacker, exploiting the vulnerabilities highlighted by the Tencent Blade Team. Remote attacks like this against SQLite databases would require direct and improperly handled input between the SQLite database and the internet-facing application.

All applications implementing SQLite as a component and supporting SQL are affected if the latest patches are not applied. These vulnerabilities are remotely exploitable in Google Chrome as it comes with Web SQL Database installed by default, an API that translates JavaScript code into SQL commands to be executed by Google Chrome’s internal SQLite database, which is used to store user data and browser settings. Chrome/Chromium users with versions prior to v.79 are also vulnerable. The Tencent Blade Team also noted that these vulnerabilities affect smart devices using an older version of Chrome/Chromium, browsers built using an older version of Chrome/Webview, Android apps using older versions of Webview and software that uses older versions of Chromium.

The Tencent Blade Team states that they are working with vendors to address the issue and notes that, at present, there is no evidence of abuse in the wild.

“No need to worry: SQLite and Google have already confirmed and fixed it and we are helping other vendors through it too. We haven't found any proof of wild abuse of Magellan 2.0 and will not disclose any details now. Feel free to contact us if you had any technical questions!”

At the time this blog post was published, there was no proof of concept (PoC) available, but one may be released in the future. When asked if they will be releasing a PoC, the Tencent Blade Team stated, “Not yet. We follow the responsible vulnerability disclosure process and will not disclose the details of the vulnerability in advance 90 days after the vulnerability report.” They initially disclosed these vulnerabilities to Google and SQLite on November 16, 2019.

Tenable strongly advises organizations and individuals to upgrade to patched versions as soon as possible. 79 (Stable Channel Update for Desktop) for Chromium users. SQLite addressed the bugs on December 13, 2019, but has yet to release patches in a stable branch. We advise committing to this branch as soon as it is available.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities can be found here.

Chrome Releases: Stable Channel Update for Desktop.