Why shocked? Chrome allows direct execution of untrusted and likely malicious code that it gets over the network. It is called JavaScript. That a new method for execution of untrusted remote malicious code has been created is completely unsurprising since the whole point of Chrome is to permit local execution of remotely obtained and possibly malicious code.
--- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume. >-----Original Message----- >From: sqlite-users [mailto:sqlite-users- >boun...@mailinglists.sqlite.org] On Behalf Of Peter da Silva >Sent: Tuesday, 18 December, 2018 14:00 >To: SQLite mailing list >Subject: Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox? > >I have to say I'm pretty boggled that Chrome allows hostile users to >feed >code directly into an SQL interpreter that wasn't written from the >ground >up to be secure. Secure interpreters are *hard* even when you're >designing >them from scratch (see also, the whole history of web-based >vulnerabilities). That seems to be dancing with the screwup fairy to >me. >_______________________________________________ >sqlite-users mailing list >sqlite-users@mailinglists.sqlite.org >http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
