{"id":10115,"date":"2021-10-04T17:35:20","date_gmt":"2021-10-04T14:35:20","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10115"},"modified":"2022-05-05T14:25:11","modified_gmt":"2022-05-05T11:25:11","slug":"three-vulnerabilities-in-chrome","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/three-vulnerabilities-in-chrome\/10115\/","title":{"rendered":"Google Chrome’daki \u00fc\u00e7 g\u00fcvenlik a\u00e7\u0131\u011f\u0131"},"content":{"rendered":"

Google, Chrome taray\u0131c\u0131s\u0131ndaki CVE-2021-37974<\/a>, CVE-2021-37975<\/a> ve CVE-2021-37976<\/a> g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 kapatan bir acil durum g\u00fcncellemesi yay\u0131nlad\u0131. Google uzmanlar\u0131, g\u00fcvenlik a\u00e7\u0131klar\u0131ndan birini kritik, di\u011fer ikisini ise olduk\u00e7a tehlikeli olarak de\u011ferlendiriyor.<\/p>\n

Daha da k\u00f6t\u00fcs\u00fc: Google\u2019a g\u00f6re<\/a> siber su\u00e7lular halihaz\u0131rda bu \u00fc\u00e7 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n ikisinden faydalan\u0131yor. Bu nedenle Google, t\u00fcm Chrome kullan\u0131c\u0131lar\u0131na taray\u0131c\u0131lar\u0131n\u0131 acilen 94.0.4606.71 s\u00fcr\u00fcm\u00fcne g\u00fcncellemeleri tavsiyesinde bulunuyor. Bu g\u00fcvenlik a\u00e7\u0131klar\u0131, Chromium motorunu kullanan di\u011fer taray\u0131c\u0131lar\u0131 da ilgilendiriyor; \u00f6rne\u011fin, Microsoft, Edge\u2019in 94.0.992.38 s\u00fcr\u00fcm\u00fcne g\u00fcncellenmesini \u00f6neriliyor.<\/p>\n

Google Chrome\u2019daki bu g\u00fcvenlik a\u00e7\u0131klar\u0131 neden tehlikeli?<\/h2>\n

CVE-2021-37974 ve CVE-2021-37975, use-after-free<\/a> (serbest b\u0131rakt\u0131ktan sonra kullan\u0131m \u2013 UAF) s\u0131n\u0131f\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131d\u0131r \u2014 y\u0131\u011f\u0131n belle\u011fin yanl\u0131\u015f kullan\u0131m\u0131ndan yararlan\u0131r ve sonu\u00e7 olarak hedef bilgisayarda rastgele kod y\u00fcr\u00fct\u00fclmesine neden olabilir.<\/p>\n

A\u00e7\u0131klardan ilki, CVE-2021-37974, kullan\u0131c\u0131lar\u0131 g\u00fcvenli olmayan internet siteleri ve indirmeler hakk\u0131nda uyaran bir Google Chrome alt sistemi olan G\u00fcvenli Gezinti bile\u015feni ile ilgilidir. Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n CVSS v3.1 \u00f6nem derecesi 10 \u00fczerinden 7,7\u2019dir.<\/p>\n

Bulunan ikinci g\u00fcvenlik a\u00e7\u0131\u011f\u0131, CVE-2021-37975 ise Crome\u2019un V8 JavaScript motorunda yer al\u0131yor. Ve bu a\u00e7\u0131k, \u00fc\u00e7 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n i\u00e7inde en tehlikelisi olarak kabul ediliyor \u2014 CVSS v3.1 \u00f6l\u00e7e\u011finde 8,4\u2019l\u00fck bir \u00f6nem derecesine sahip ki bu da onu \u2018kritik\u2019 risk seviyesinde bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 haline getiriyor. Bilinmeyen k\u00f6t\u00fc niyetli ki\u015filer, halihaz\u0131rda Chrome kullan\u0131c\u0131lar\u0131na y\u00f6nelik sald\u0131r\u0131lar\u0131nda bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan faydalan\u0131yor.<\/p>\n

\u00dc\u00e7\u00fcnc\u00fc g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan CVE-2021-37976\u2019n\u0131n nedeni ise Google Chrome\u2019un \u00e7ekirde\u011finin neden oldu\u011fu a\u015f\u0131r\u0131 veriye maruz kalma. Bu a\u00e7\u0131k biraz daha az tehlikeli \u2014 CVSS v3.1 \u00f6l\u00e7e\u011finde 7,2, ancak bu da halihaz\u0131rda siber su\u00e7lular taraf\u0131ndan kullan\u0131l\u0131yor.<\/p>\n

Siber su\u00e7lular bu g\u00fcvenlik a\u00e7\u0131klar\u0131ndan nas\u0131l yararlanabilir?<\/h2>\n

Her \u00fc\u00e7 g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan da yararlanmak i\u00e7in k\u00f6t\u00fc ama\u00e7l\u0131 bir internet sayfas\u0131n\u0131n olu\u015fturulmas\u0131 gerekiyor. Sald\u0131rganlar\u0131n tek ihtiyac\u0131, g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kullanan bir internet sitesi olu\u015fturmak ve kurbanlar\u0131 bu siteye \u00e7ekmek. Sonu\u00e7 olarak iki use-after-free g\u00fcvenlik a\u00e7\u0131\u011f\u0131, sald\u0131rganlar\u0131n sayfaya eri\u015fen yama yap\u0131lmam\u0131\u015f Chrome kullan\u0131c\u0131lar\u0131n\u0131n bilgisayarlar\u0131nda rasgele kod y\u00fcr\u00fctmesine olanak tan\u0131yor. Bu da kullan\u0131c\u0131lar\u0131n sistemlerinin ele ge\u00e7irilmesine yol a\u00e7abilir. \u00dc\u00e7\u00fcnc\u00fc g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan CVE-2021-37976 ise, sald\u0131rganlar\u0131n kurban\u0131n gizli bilgilerine eri\u015fmesini m\u00fcmk\u00fcn k\u0131l\u0131yor.<\/p>\n

B\u00fcy\u00fck olasl\u0131kla Google, kullan\u0131c\u0131lar\u0131n \u00e7o\u011funun taray\u0131c\u0131lar\u0131n\u0131 g\u00fcncellemesinin ard\u0131ndan g\u00fcvenlik a\u00e7\u0131klar\u0131na ili\u015fkin daha fazla ayr\u0131nt\u0131 payla\u015facakt\u0131r. Her durumda, g\u00fcncellemeyi ertelemenin bir anlam\u0131 yok \u2014 m\u00fcmk\u00fcn olan en k\u0131sa s\u00fcrede yapmak \u00e7ok daha iyi.<\/p>\n

Kendinizi koruman\u0131n yollar\u0131<\/h2>\n

Herkesin yapmas\u0131 gereken ilk \u015fey, internet eri\u015fimi olan t\u00fcm cihazlarda taray\u0131c\u0131lar\u0131 g\u00fcncellemektir. G\u00fcncelleme genellikle taray\u0131c\u0131 yeniden ba\u015flat\u0131ld\u0131\u011f\u0131nda otomatik olarak y\u00fcklenir ancak bir\u00e7ok kullan\u0131c\u0131 bilgisayar\u0131n\u0131 uzun s\u00fcre yeniden ba\u015flatmad\u0131\u011f\u0131 i\u00e7in bu kullan\u0131c\u0131lar\u0131n taray\u0131c\u0131lar\u0131 birka\u00e7 g\u00fcn, hatta hafta boyunca savunmas\u0131z kalabilir. Her ihtimale kar\u015f\u0131, kulland\u0131\u011f\u0131n\u0131z Chrome s\u00fcr\u00fcm\u00fcn\u00fc kontrol etmenizi \u00f6neriyoruz. Bunu \u015fu \u015fekilde yapabilirsiniz: Taray\u0131c\u0131 penceresinin sa\u011f \u00fcst k\u00f6\u015fesindeki Google Chrome\u2019u \u00d6zelle\u015ftir ve Kontrol Et<\/em> butonuna t\u0131klay\u0131n ve ard\u0131ndan Yard\u0131m<\/em> -> Google Chrome Hakk\u0131nda<\/em>\u2018y\u0131 se\u00e7in. Kulland\u0131\u011f\u0131n\u0131z taray\u0131c\u0131 s\u00fcr\u00fcm\u00fc mevcut en g\u00fcncel s\u00fcr\u00fcm de\u011filse, Chrome otomatik olarak g\u00fcncellemeyi ba\u015flat\u0131r.<\/p>\n

Ekstra koruma i\u00e7in, kullan\u0131c\u0131lar\u0131n internet eri\u015fimi olan t\u00fcm cihazlar\u0131na\u00a0g\u00fcvenlik \u00e7\u00f6z\u00fcmleri<\/a> y\u00fcklemelerini \u00f6neriyoruz. Bu \u015fekilde, bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ortaya \u00e7\u0131kt\u0131\u011f\u0131nda g\u00fcncellenmemi\u015f bir taray\u0131c\u0131ya sahip olmasan\u0131z bile, proaktif koruma teknolojileri, g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan ba\u015far\u0131l\u0131 bir \u015fekilde yararlanma olas\u0131l\u0131\u011f\u0131n\u0131 en aza indirir.<\/p>\n

Kurumsal bilgi g\u00fcvenli\u011fi departmanlar\u0131 \u00e7al\u0131\u015fanlar\u0131na da\u00a0t\u00fcm cihazlarda g\u00fcvenlik \u00e7\u00f6z\u00fcmleri<\/a> kullanmalar\u0131n\u0131, g\u00fcvenlik g\u00fcncellemelerini takip etmelerini ve otomatik g\u00fcncelleme da\u011f\u0131t\u0131m ve kontrol sistemi kullanmalar\u0131n\u0131 \u00f6neriyoruz. Taray\u0131c\u0131 g\u00fcncellemelerinin y\u00fcklenmesine \u00f6ncelik vermek de mant\u0131kl\u0131 bir \u00e7\u00f6z\u00fcmd\u00fcr.<\/p>\n

<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Google, Google Chrome’daki \u00fc\u00e7 tehlikeli g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatan bir g\u00fcncelleme yay\u0131nlad\u0131. Taray\u0131c\u0131n\u0131z\u0131 hemen g\u00fcncelleyin!<\/p>\n","protected":false},"author":2706,"featured_media":10116,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727,1351],"tags":[16,22,1886,790,2380],"class_list":{"0":"post-10115","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-threats","10":"tag-chrome","11":"tag-google","12":"tag-guncellemeler","13":"tag-guvenlik-aciklari","14":"tag-use-after-free"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/three-vulnerabilities-in-chrome\/10115\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/three-vulnerabilities-in-chrome\/23438\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/three-vulnerabilities-in-chrome\/18911\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/three-vulnerabilities-in-chrome\/9469\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/three-vulnerabilities-in-chrome\/25504\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/three-vulnerabilities-in-chrome\/23582\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/three-vulnerabilities-in-chrome\/23007\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/three-vulnerabilities-in-chrome\/26191\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/three-vulnerabilities-in-chrome\/25718\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/three-vulnerabilities-in-chrome\/31617\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/three-vulnerabilities-in-chrome\/42265\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/three-vulnerabilities-in-chrome\/17832\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/three-vulnerabilities-in-chrome\/18229\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/three-vulnerabilities-in-chrome\/15373\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/three-vulnerabilities-in-chrome\/27516\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/three-vulnerabilities-in-chrome\/31729\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/three-vulnerabilities-in-chrome\/27666\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/three-vulnerabilities-in-chrome\/24437\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/three-vulnerabilities-in-chrome\/29793\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/three-vulnerabilities-in-chrome\/29592\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10115"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10115\/revisions"}],"predecessor-version":[{"id":10117,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10115\/revisions\/10117"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10116"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}