It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Has GOG Galaxy been patched yet to get rid of old versions of SQLite in its installation, and eradicate this vulnerability ?

https://www.slashgear.com/sqlite-magellan-bug-affects-chrome-based-browsers-thousands-of-apps-16558106/



Directory of C:\Program Files (x86)\GOG Galaxy

13/12/2018 15:08 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\ProgramData\GOG.com\Galaxy\redists

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\ProgramData\GOG.com\Galaxy\temp\desktop-galaxy-updater

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\Users\All Users\GOG.com\Galaxy\redists

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes

Directory of C:\Users\All Users\GOG.com\Galaxy\temp\desktop-galaxy-updater

13/12/2018 15:07 681,032 sqlite.dll
1 File(s) 681,032 bytes
Post edited December 19, 2018 by alt3rn1ty
Whoops forgot I posted this here aswell, got an answer back from the support ticket .. See the other topic I opened in a more appropriate part of the forum ..

https://www.gog.com/forum/general/gog_galaxy_magellan_bug_vulnerability/post7
Post edited December 24, 2018 by alt3rn1ty
avatar
alt3rn1ty: Whoops forgot I posted this here aswell, got an answer back from the support ticket .. See the other topic I opened in a more appropriate part of the forum ..

https://www.gog.com/forum/general/gog_galaxy_magellan_bug_vulnerability/post7
Er, since when is the galaxy installer a web browser...? GOG controls the install from start to finish--how is something supposed to get in? With a browser--well, whole different ball of wax...
avatar
alt3rn1ty: Whoops forgot I posted this here aswell, got an answer back from the support ticket .. See the other topic I opened in a more appropriate part of the forum ..

https://www.gog.com/forum/general/gog_galaxy_magellan_bug_vulnerability/post7
avatar
waltc: Er, since when is the galaxy installer a web browser...? GOG controls the install from start to finish--how is something supposed to get in? With a browser--well, whole different ball of wax...
I am answering this post using GOG Galaxy = Web Browser (I normally use the open source version of Chromium, but was notified of your reply in Galaxy, so used the Community tab to access the forums pages and replied also via Galaxy .. Chrome was not used at all.)

Yes you are only likely to use it on GOG web pages, however GOG web pages are not invulnerable to attacks and potentially injected code.

It has been acknowledged by the dev team as being an issue that needs to be sorted .. See other topic I linked.

Edit : Quick edit with Chrome to add the Screenshot attachment
Attachments:
007.png (116 Kb)
Post edited December 24, 2018 by alt3rn1ty
avatar
waltc: Er, since when is the galaxy installer a web browser...? GOG controls the install from start to finish--how is something supposed to get in? With a browser--well, whole different ball of wax...
avatar
alt3rn1ty: I am answering this post using GOG Galaxy = Web Browser (I normally use the open source version of Chromium, but was notified of your reply in Galaxy, so used the Community tab to access the forums pages and replied also via Galaxy .. Chrome was not used at all.)

Yes you are only likely to use it on GOG web pages, however GOG web pages are not invulnerable to attacks and potentially injected code.

It has been acknowledged by the dev team as being an issue that needs to be sorted .. See other topic I linked.

Edit : Quick edit with Chrome to add the Screenshot attachment
Yes, you are answering through the galaxy interface--but try general web browsing with it...;) I understand what you're saying, but my own position is that the simple revelation of a theoretical vulnerability doesn't mean anyone at all is actually vulnerable to anything --or even that a concrete threat exists. Theoretical vulnerability does not equal the presence of active attack code, imo. We have enough irrational panic as it is surrounding the various Spectre cpu vulnerabilities, for instance--which, so far, have simply failed to materialize. But, man, did [some] people panic!

Theoretical vulnerabilities abound--but specific threats to people's personal environments are far less common--for a lot of obvious reasons. Besides, seems like SQ injection has always had vulnerabilities of one kind or another. Especially in mobile applications.

Anyway...didn't mean to argue--glad to know that GOG is looking into it, whether it is material to Galaxy or it isn't. It seems to make people feel better, I suppose.