Security Architecture, Endpoint/Device Security, IoT, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Remote code execution flaw found in Google Home smart speaker

A remote code vulnerability called Magellan affecting devices using SQLite or Google’s Chromium-based browsers along with the Google Home smart speaker.

The flaw was uncovered by Tencent Security’s Blade Team and was reported and patched by Google. If left unpatched could lead to remote code execution, leaking program memory or it can cause program crashes. The vulnerability can be triggered remotely by accessing a particular web page, but the good news is there is no evidence of it being used in the wild.

The Tencent team does not intend to release the code and suggests those using either of the potentially affected systems to update to Chrome version 71.0.3578.80 and SQLite 3.26.0.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.