Google Chrome hit with bugs, users los­ing pro­files

The Punch - - ICT CLINIC -

Cy­ber­se­cu­rity re­searchers have dis­cov­ered new vul­ner­a­bil­i­ties in Google Chrome that may al­low at­tack­ers to re­motely run ma­li­cious code in­side the pop­u­lar web browser.

The Sqlite vul­ner­a­bil­i­ties - five in to­tal and called “mag­el­lan 2.0” have been dis­closed by the Ten­cent blade se­cu­rity team, eco­nomic Times of In­dia re­ported.

“Sqlite and Google have al­ready con­firmed and fixed it and we are help­ing other ven­dors through it too. We haven’t found any proof of wild abuse of mag­el­lan 2.0 and will not dis­close any de­tails now,” tweeted the Chi­nese Ten­cent blade Team.

“mag­el­lan 2.0 on its way! blade re­searcher @ leon­wxqian found another set of vul­ner­a­bil­i­ties in #Sqlite which can re­sult in re­mote code ex­e­cu­tion via WEBSQL, leak­ing pro­gramme mem­ory or pos­si­ble pro­gramme crashes,” the team ear­lier tweeted.

All apps that use an Sqlite data­base are vul­ner­a­ble to mag­el­lan 2.0.

How­ever, the dan­ger of are­mote ex­ploita­tion’ is smaller than the one in Chrome, where a fea­ture called the ‘WEBSQL API’ ex­poses Chrome users to re­mote at­tacks, by de­fault,” ZDNET re­ported on Thurs­day.

The same Ten­cent blade se­cu­rity team dis­closed the orig­i­nal “mag­el­lan Sqlite” vul­ner­a­bil­i­ties in De­cem­ber 2018.

an at­tacker can craft an SQL op­er­a­tion that con­tains ma­li­cious code.

ac­cord­ing to Ten­cent team, the five mag­el­lan 2.0 vul­ner­a­bil­i­ties were fixed in Google Chrome “79.0.3945.79” ver­sion.

mean­while, In the lat­est Google Chrome 79, sev­eral users have no­ticed that their sec­ondary pro­files are los­ing names and be­ing called “Per­son 1” in­stead.

Sec­ondary pro­files act like a sec­ond browser, al­low­ing fam­i­lies to have their Google ac­counts synced, sep­a­rate history and more.

In Chrome 79, a bug is caus­ing Google Chrome to re­name those sec­ondary pro­files as “Per­son 1” and so on, re­ports 9to5­google.

“It’s not delet­ing any pro­files or wip­ing their data, but sim­ply re­nam­ing the pro­file to re­move its per­son­al­ized or Google­based name,” it added.

Tech gi­ant Google is­sued warn­ing of data breach for users in In­dia and glob­ally af­ter fix­ing another Chrome 79 bug and re-is­su­ing it this week.

Alert pop-ups be­gan emerg­ing on lap­tops, desk­tops and mo­bile screens, forc­ing users in In­dia to read the warn­ing that their pass­words may have been stolen as part of a data leak.

“Change your pass­word. a data breach on a site or app ex­posed your pass­word. Chrome rec­om­mends chang­ing your pass­word for the site,” read the warn­ing pop-up.

Newspapers in English

Newspapers from Nigeria

© PressReader. All rights reserved.