
Google Chrome impacted by new Magellan 2.0 vulnerabilities - bzbarsky
https://www.zdnet.com/article/google-chrome-impacted-by-new-magellan-2-0-vulnerabilities/
======
rasz
If you cant upgrade to patched version create userjs script with

window.openDatabase = undefined;

this will globally disable websql. Of course Google took care of this 'user
permission to install own code' leak and ... removed User script directory
support in 2011! :| Nowadays you need to either install Tampermonkey (and
enable advanced mode/instant injection which is a hack in itself because
Chrome has several year old not fixed extension execution bugs) or write your
very own custom `run_at` `document_start` extension injecting that one liner
to achieve something as basic as ability to turn __of __a browser feature.

------
thoksink
It might be the time to use something else, with less privacy violation

~~~
rasz
Its not even strictly privacy violation, but carelessness. Google would never
enable something like this(raw calling someone elses unvalidated library)
internally, yet its a wild west when it comes to browsers running on user
computers. How did we get to the point where browser will happily leak
available C drive free space with one stupid navigator.storage.estimate()
call.

