Newly Discovered Chrome Vulnerability Could Lead to Full System Compromise with No User Interaction


Recently it was announced that the Tencent Blade Team found a severe vulnerability in SQLite that could lead to Remote Code Execution. SQLite is an open-source lightweight database library used in a very large number of other applications that need some sort of database functionality.

One such application is the Chrome web browser. Chrome includes an implementation of a non-standard web technology called WebSQL, which is basically just a JavaScript interface to SQLite. An attacker could therefore use this vulnerability to pass a carefully crafted SQL statement to SQLite through WebSQL and compromise anyone using an affected browser who visited their malware site or viewed their malicious ad. Just loading the infected website would be enough for full system compromise; the victim wouldn’t have to click anything at all.

This is a great example of how powerful Light Point Web and Remote Browser Isolation are. Who knows how long this vulnerability has been out there, and how many cyber-criminals or nation-states had found it before the Tencent Blade Team’s announcement? But for users of Light Point Web, it doesn’t matter. Even if they were using the affected versions of Chrome to browse sites that were actively exploiting this vulnerability, they were never in any danger from it. How great is that?

This is a pretty serious vulnerability, but luckily the issue has been fixed in SQLite, and Chrome has been updated to use this fixed version of SQLite as of version 71. However, what are the odds that this is the last browser vulnerability left, and browsers are now actually safe to use without Light Point Web? Spoiler Alert: the answer is 0%.
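For anyone who wants to check their own browsers against the two facts above (WebSQL is the path to SQLite, and Chrome 71 carries the fix), here is a small added example; it is not code from Chrome, SQLite or Light Point. The function names and the sample User-Agent strings are constructed for illustration.

```javascript
// Added example: constructed samples, hypothetical function names.
const FIXED_CHROME_MAJOR = 71; // per the article: Chrome 71 ships the fixed SQLite

// Return Chrome's major version from a User-Agent string, or null if not Chrome.
function chromeMajor(userAgent) {
  if (typeof userAgent !== 'string') return null;
  // Legacy Edge and Opera also send a "Chrome/NN" token. The article only covers
  // Chrome, so those browsers are left unclassified here.
  if (/\b(Edge|OPR)\//.test(userAgent)) return null;
  const m = /\bChrome\/(\d+)\./.exec(userAgent);
  return m ? Number(m[1]) : null;
}

// env is a window-like object: { openDatabase, navigator: { userAgent } }.
// In a browser console, call assessWebSqlExposure(window).
function assessWebSqlExposure(env) {
  const hasWebSql = typeof env.openDatabase === 'function'; // WebSQL entry point
  const major = chromeMajor(env.navigator && env.navigator.userAgent);
  let status;
  if (major === null) status = 'not-chrome';
  else if (major >= FIXED_CHROME_MAJOR) status = 'fixed';
  else status = hasWebSql ? 'update-required' : 'outdated-no-websql';
  return { hasWebSql, major, status };
}

// Constructed sample environments (not captured from real machines).
const stub = () => {};
const WEBKIT = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ';
const SAMPLES = [
  { openDatabase: stub, navigator: { userAgent: WEBKIT + 'Chrome/70.0.3538.110 Safari/537.36' } },
  { openDatabase: stub, navigator: { userAgent: WEBKIT + 'Chrome/71.0.3578.80 Safari/537.36' } },
  { navigator: { userAgent: 'Mozilla/5.0 (Windows NT 10.0; rv:64.0) Gecko/20100101 Firefox/64.0' } },
  { navigator: { userAgent: WEBKIT + 'Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134' } },
];

function runSamples() {
  return SAMPLES.map((env) => assessWebSqlExposure(env).status);
}

console.log(runSamples());
```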
