.SQLite is widely used, light-weight and Relational Database Managment System(RDBMS) developed in C programming. It is not a client-server database engine. SQLite is being used by millions of applications with literally billions of deployments, including IoT devices, macOS and Windows apps, including major web browsers, such as Adobe software, Skype and more.
Tencent Blade Team have found critical vulnerability from the SQLite database. Google chromium has confirmed the vulnerability. Other web browsers such as Google Chrome, Opera, Vivaldi, and Brave—also support SQLite through the deprecated Web SQL database API. They have not disclosed any details about the vulnerability at this time.
Tencent researchers said they successfully build a proof-of-concept exploit using the Magellan vulnerability. They have successfully tested their exploit against Google Home. They are pushing other vendors like Adobe, Apple, Dropbox, Firefox, Android, Chrome, Microsoft to fix this vulnerability as soon as possible.
If your product uses SQLite, please update to 3.26.0. If your product uses Chromium, please update to the official stable version 71.0.3578.80