A remote code vulnerability called Magellan affecting devices using SQLite or Google’s Chromium-based browsers along with the Google Home smart speaker.
The flaw was uncovered by Tencent Security’s Blade Team and was reported and patched by Google. If left unpatched could lead to remote code execution, leaking program memory or it can cause program crashes. The vulnerability can be triggered remotely by accessing a particular web page, but the good news is there is no evidence of it being used in the wild.
The Tencent team does not intend to release the code and suggests those using either of the potentially affected systems to update to Chrome version 71.0.3578.80 and SQLite 3.26.0.
