SQLite Vulnerability Fix
A remote code execution vulnerability, "Magellan," has been discovered affecting software based on SQLite or Chromium, including all versions of Electron.
Scope
Electron applications using Web SQL are impacted.
Mitigation
Affected apps should stop using Web SQL or upgrade to a patched version of Electron.
We've published new versions of Electron which include fixes for this vulnerability:
There are no reports of this in the wild; however, affected applications are urged to mitigate.
Further Information
This vulnerability was discovered by the Tencent Blade team, who have published a blog post that discusses the vulnerability.
To learn more about best practices for keeping your Electron apps secure, see our security tutorial.
If you wish to report a vulnerability in Electron, email security@electronjs.org.