This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug.
If you're using Chrome 70 or below, tap the button below to crash this page:
Source code for this page on GitHub.
I'm working on understanding how this issue affects browsers.
After you press the button, the page should crash:

On Android 5.1, I get a segfault in memcpy:
        F/libc    ( 3801): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xe0ddb457 in tid 3854 (Database thread)
        I/DEBUG   (  142): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
        I/DEBUG   (  142): Build fingerprint: 'google/nakasi/grouper:5.1/LMY47D/1743759:user/release-keys'
        I/DEBUG   (  142): Revision: '0'
        I/DEBUG   (  142): ABI: 'arm'
        I/DEBUG   (  142): pid: 3801, tid: 3854, name: Database thread  >>> com.android.chrome:sandboxed_process6 <<<
        I/DEBUG   (  142): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe0ddb457
        I/DEBUG   (  142):     r0 e0ddb457  r1 611be0ab  r2 00000002  r3 ff000000
        I/DEBUG   (  142):     r4 611be038  r5 00000002  r6 611be0a9  r7 7fffffff
        I/DEBUG   (  142):     r8 00000001  r9 611be0ab  sl 80000001  fp 00000000
        I/DEBUG   (  142):     ip 00000066  sp 6defd3a0  lr 00000074  pc 4025eb62  cpsr 680f2430
        I/DEBUG   (  142): 
        I/DEBUG   (  142): backtrace:
        I/DEBUG   (  142):     #00 pc 0000fb62  /system/lib/libc.so (__memcpy_base+217)
        I/DEBUG   (  142):     #01 pc 018d0e1d  /data/app/com.android.chrome-1/base.apk
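
For triage, an added example (not part of the original page): a small Python parser that pulls the signal, faulting address, process name and backtrace out of debuggerd output like the log above, and reports which registers hold the faulting address. The sample input is an excerpt of that log embedded for the example; the function name `triage` and the output field names are assumptions of this example.

```python
import re

# Constructed sample: an excerpt of the Android 5.1 crash log shown above.
SAMPLE = """\
F/libc    ( 3801): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xe0ddb457 in tid 3854 (Database thread)
I/DEBUG   (  142): pid: 3801, tid: 3854, name: Database thread  >>> com.android.chrome:sandboxed_process6 <<<
I/DEBUG   (  142): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xe0ddb457
I/DEBUG   (  142):     r0 e0ddb457  r1 611be0ab  r2 00000002  r3 ff000000
I/DEBUG   (  142):     ip 00000066  sp 6defd3a0  lr 00000074  pc 4025eb62  cpsr 680f2430
I/DEBUG   (  142): backtrace:
I/DEBUG   (  142):     #00 pc 0000fb62  /system/lib/libc.so (__memcpy_base+217)
I/DEBUG   (  142):     #01 pc 018d0e1d  /data/app/com.android.chrome-1/base.apk
"""

PREFIX = re.compile(r"^\s*[A-Z]/\S+\s*\(\s*\d+\):")  # logcat "I/DEBUG   (  142):" tag
PROC = re.compile(r"pid: (\d+), tid: (\d+), name: (.+?)\s+>>> (\S+) <<<")
SIGNAL = re.compile(r"^signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr 0x([0-9a-f]+)")
FRAME = re.compile(r"^#(\d+)\s+pc ([0-9a-f]+)\s+(\S+)(?: \((.+)\))?")
REG = re.compile(r"\b(r\d{1,2}|sl|fp|ip|sp|lr|pc|cpsr)\s+([0-9a-f]{8})\b")

def triage(log):
    """Summarise one 32-bit ARM debuggerd crash dump taken from logcat text."""
    out = {"registers": {}, "frames": []}
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := PROC.search(line):
            out.update(pid=int(m[1]), tid=int(m[2]), thread=m[3], process=m[4])
        elif m := SIGNAL.match(line):
            out.update(signal=m[2], code=m[4], fault_addr=int(m[5], 16))
        elif m := FRAME.match(line):  # checked before REG: frame lines also contain "pc <hex>"
            out["frames"].append({"pc": int(m[2], 16), "module": m[3], "symbol": m[4]})
        else:
            out["registers"].update((n, int(v, 16)) for n, v in REG.findall(line))
    # Registers equal to the fault address show which pointer was dereferenced.
    fault = out.get("fault_addr")
    out["fault_regs"] = sorted(n for n, v in out["registers"].items() if v == fault)
    # Chrome's sandboxed child processes on Android carry this suffix, as in the log above.
    out["sandboxed"] = ":sandboxed_process" in out.get("process", "")
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```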
Affected: tested, causes one tab/one window to crash:
Not affected: