Chrome WebSQLºÍSQLiteí§Òâ´úÂëÖ´ÐÐÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2019-12-19

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-13734£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º8.8

CVE±àºÅ£ºCVE-2019-13750£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º6.5

CVE±àºÅ£ºCVE-2019-13751£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º6.5

CVE±àºÅ£ºCVE-2019-13752£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º6.5

CVE±àºÅ£ºCVE-2019-13753£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º6.5


Ó°Ïì°æ±¾


1¡¢Chromeä¯ÀÀÆ÷79.0.3945.79ÒÔÏ°汾

2¡¢Ê¹ÓÃChromiumÄںˣ¨79.0.3945.79ÒÔÏ£©µÄä¯ÀÀÆ÷

3¡¢Ê¹ÓÃSQLite¹Ù·½°æ±¾ÇÒδ¸üÐÂ2019Äê12ÔÂ4ÈÕ²¹¶¡µÄSQLite×é¼þ


Îó²î¸ÅÊö


SQLiteÊÇÓÉD.RichardHipp½¨ÉèµÄÒ»¸ö¿ªÔ´¹ØϵÊý¾Ý¿â£¬£¬£¬£¬£¬£¬£¬¸ÃÊý¾Ý¿â¼æÈÝACID£¬£¬£¬£¬£¬£¬£¬¾ßÓжàÓïÑÔÖ§³Ö¡¢ÁãÉèÖá¢ÇáÁ¿»¯¡¢Ö´ÐÐЧÂʸߵÄÌص㣬£¬£¬£¬£¬£¬£¬ÔÚÍøÒ³ä¯ÀÀÆ÷¡¢²Ù×÷ϵͳ¡¢Ç¶ÈëʽϵͳÖлñµÃÁËÆÕ±éʹÓᣡ£¡£¡£¡£¡£ChromeÊÇÒ»¿îÓÉGoogle¿ª·¢µÄä¯ÀÀÆ÷£¬£¬£¬£¬£¬£¬£¬ÌṩÁËÓÉSQLiteÊý¾Ý¿âÖ§³ÖµÄWebSQL¹¦Ð§£¬£¬£¬£¬£¬£¬£¬Ö§³ÖÍøÒ³¾ç±¾¶ÔSQLÓï¾äµÄÖ´ÐС£¡£¡£¡£¡£¡£


½üÆÚ·¢Ã÷¶à¸öSQLite¡¢Chromeä¯ÀÀÆ÷WebSQL×é¼þÔ¶³Ì´úÂëÖ´ÐÐÎó²î¡£¡£¡£¡£¡£¡£ÓÉÓÚSQLite±í½á¹¹ÔÚ´¦Öóͷ£Àú³ÌÖÐʱ£¬£¬£¬£¬£¬£¬£¬±£´æ¶à¸öÂß¼­Îó²îºÍÄÚ´æÆÆËðÎó²î£¬£¬£¬£¬£¬£¬£¬µ¼ÖÂChromeä¯ÀÀÆ÷WebSQL¡¢SQLite±£´æí§Òâ´úÂëÖ´ÐÐÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷ÕßʹÓøÃÎó²î£¬£¬£¬£¬£¬£¬£¬Í¨¹ý´¹ÂÚÓʼþ¡¢¶ñÒâ¶ÌÐŵÈÉ繤ÊÖ¶ÎÓÕʹÓû§»á¼û¶ñÒâÍøÒ³£¬£¬£¬£¬£¬£¬£¬ÔÚÖ§³ÖÍⲿÊäÈëSQLÓï¾äºÍʹÓÃSQLite×é¼þµÄÈí¼þÉÏʵÏÖ´úÂëÖ´ÐУ¬£¬£¬£¬£¬£¬£¬ÔÚChromeä¯ÀÀÆ÷ºÍ»ùÓÚChromium¿ª·¢µÄä¯ÀÀÆ÷ÉÏʵÏÖRenderȨÏÞµÄí§Òâ´úÂëÖ´ÐС£¡£¡£¡£¡£¡£


Îó²î¸ÅÊöÈçÏ£º


CVE-2019-13734

Google ChromeÖеÄSQLite±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖƵÄHTMLÒ³ÃæʹÓøÃÎó²îÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£


CVE-2019-13750

Google ChromeÖеÄSQLite±£´æÇå¾²Îó²î¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖÆHTMLÒ³ÃæʹÓøÃÎó²îÈƹý×ÝÉî·ÀÓù²½·¥¡£¡£¡£¡£¡£¡£


CVE-2019-13751

Google ChromeÖеÄSQLite±£´æÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖÆHTMLÒ³ÃæʹÓøÃÎó²î´ÓÀú³ÌÄÚ´æÖлñÈ¡Ãô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£


CVE-2019-13752

Google ChromeÖеÄSQLite±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖÆHTMLÒ³ÃæʹÓøÃÎó²î´ÓÀú³ÌÄÚ´æÖлñÈ¡Ãô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£


CVE-2019-13753

Google ChromeÖб£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õ߿ɽèÖúÌØÖÆHTMLÒ³ÃæʹÓøÃÎó²î»ñÈ¡Ãô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


1¡¢¹È¸è¹Ù·½ÒÑÐû²¼²¹¶¡ÐÞ¸´´ËÎó²î£¬£¬£¬£¬£¬£¬£¬½¨ÒéʹÓÃChromeä¯ÀÀÆ÷µÄÓû§Á¬Ã¦Éý¼¶ÖÁ×îа汾£ºhttps://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html¡£¡£¡£¡£¡£¡£


2¡¢Ê¹ÓÃChromiumÄں˿ª·¢µÄä¯ÀÀÆ÷³§ÉÌ£¬£¬£¬£¬£¬£¬£¬Ð轫Äں˰汾¸üÐÂÖÁ¹Ù·½Îȹ̰æ79.0.3945.79ÒÔÉÏ¡£¡£¡£¡£¡£¡£Óû§Ò²¿É½ÓÄɽûÓÃWebSQLÄ£¿£¿£¿£¿ £¿£¿é»òµ¥¶ÀºÏÈë²¹¶¡µÈÔÝʱ·À»¤²½·¥¡£¡£¡£¡£¡£¡£


3¡¢½«SQLite×é¼þ¸üÐÂÖÁ2019Äê12ÔÂ4ÈÕ¼°Ö®ºóµÄ²¹¶¡£¡£¡£¡£¡£¡£ºhttps://www.sqlite.org/src/info/e01fdbf9f700e1bd¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://mp.weixin.qq.com/s/p0qoUCvaWhe85drz88RQkg