SQLite is a lightweight Relational Database Management System designed for embedded use within applications, unlike many other database systems which rely on a client-server model. SQLite is the most widely used database in the world, used in millions of software applications by nearly any company you can think of, including, but not limited to, Apple, Microsoft, Google and Adobe.
The recently discovered vulnerability in SQLite, known as Magellan, allows attackers to remotely execute code on affected systems and devices. Since many popular web browsers today are based on Google’s Chromium, providing the core foundations for browsers such as Google Chrome and Opera, attackers can distribute their exploits for the Magellan vulnerability with great ease by encouraging users to navigate to their malicious webpages, as Chromium utilises SQLite. It is important to note that exploits could also be delivered in the form of Email links, attachments or storage devices.
At this moment, there has been no information released about the methodology of this exploit, and it has also been mentioned that it is unlikely that it has been widely exploited. Thankfully, Google has released a fix for Magellan in their Chromium 71.0.3578.80 version and SQLite have fixed the vulnerability in their 3.26.0 version. However, it is important to remember that third-party software can potentially still be using these vulnerable software versions and may be causing a security risk that you are not aware of. Therefore, if you are aware that your software provider uses SQLite or Chromium for their services, you check with them to ensure that they have taken this security risk into consideration and updated their systems accordingly. This database is widely used by many software companies, and it is important to clarify that this update has been applied wherever possible.