{"id":10589,"date":"2022-04-04T11:58:35","date_gmt":"2022-04-04T08:58:35","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10589"},"modified":"2022-05-05T14:25:07","modified_gmt":"2022-05-05T11:25:07","slug":"chrome-ten-high-severity-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/chrome-ten-high-severity-vulnerabilities\/10589\/","title":{"rendered":"Google Chrome&#8217;da y\u00fcksek \u00f6nem seviyesine sahip 10 g\u00fcvenlik a\u00e7\u0131\u011f\u0131"},"content":{"rendered":"<p>Google, Chrome taray\u0131c\u0131s\u0131 i\u00e7in yay\u0131nlad\u0131\u011f\u0131 <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/03\/stable-channel-update-for-desktop_29.html\" target=\"_blank\" rel=\"noopener nofollow\">100.0.4896.60 g\u00fcncellemesi<\/a> ile 28 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kapatt\u0131. Google\u2019\u0131n yaln\u0131zca birka\u00e7 g\u00fcn \u00f6nce <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/03\/stable-channel-update-for-desktop_25.html?m=1\" target=\"_blank\" rel=\"noopener nofollow\">ayr\u0131 bir g\u00fcncellemeyle<\/a> yama yapt\u0131\u011f\u0131 ba\u015fka bir y\u00fcksek \u00f6nem seviyesindeki sahip g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan CVE-2022-1096 ile birlikte bu a\u00e7\u0131klar\u0131n en az 9\u2019u y\u00fcksek \u00f6nem seviyesine sahip. Chrome geli\u015ftiricileri bir haftadan k\u0131sa bir s\u00fcrede toplam 10 y\u00fcksek \u00f6nemdeki g\u00fcvenlik a\u00e7\u0131\u011f\u0131 i\u00e7in yama yay\u0131nlad\u0131. Ba\u015fka bir deyi\u015fle, bir s\u00fcredir bilgisayar\u0131n\u0131z\u0131 yeniden ba\u015flatmad\u0131ysan\u0131z veya taray\u0131c\u0131n\u0131z\u0131 yak\u0131n zamanda yeniden ba\u015flatmad\u0131ysan\u0131z, \u015fimdi g\u00fcncellemenin tam zaman\u0131.<\/p>\n<h2>CVE-2022-1096 g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/h2>\n<p>Google, \u015firketin g\u00fcvenlik politikas\u0131na g\u00f6re taray\u0131c\u0131 aktif \u015fekilde kullanan kullan\u0131c\u0131lar\u0131n \u00e7o\u011fu taray\u0131c\u0131lar\u0131n\u0131 g\u00fcncelleyene kadar hatalarla ilgili ayr\u0131nt\u0131l\u0131 bir a\u00e7\u0131klama yapmad\u0131\u011f\u0131 i\u00e7in \u015fu ana kadar g\u00fcvenlik a\u00e7\u0131klar\u0131ndan herhangi biri konusunda ayr\u0131nt\u0131l\u0131 bilgi payla\u015fmad\u0131. Ancak, ger\u00e7ek sorunlara neden olabilecek a\u00e7\u0131\u011f\u0131n, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-1096\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2022-1096<\/a> (Google\u2019\u0131n 25 Mart Cuma g\u00fcn\u00fc, b\u00fcy\u00fck g\u00fcncellemeden sadece d\u00f6rt g\u00fcn \u00f6nce ayr\u0131 bir yamayla kapatt\u0131\u011f\u0131) g\u00fcvenlik a\u00e7\u0131\u011f\u0131 oldu\u011fu ortada.<\/p>\n<p>Bu a\u00e7\u0131\u011f\u0131n CVE-2022-1096, Type Confusion (t\u00fcr kar\u0131\u015f\u0131kl\u0131\u011f\u0131) s\u0131n\u0131f\u0131na ait olmas\u0131, V8 motorunda veri t\u00fcrlerinin i\u015flenmesindeki baz\u0131 hatalara ba\u011fl\u0131 oldu\u011fu anlam\u0131na geliyor. Google\u2019\u0131n bu hatay\u0131 bir acil durum yamas\u0131yla ayr\u0131 \u015fekilde ele almas\u0131 ger\u00e7e\u011fine bak\u0131l\u0131rsa, g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olduk\u00e7a tehlikeli. Dahas\u0131, yama s\u00fcr\u00fcm notlar\u0131na g\u00f6re Google, 25 Mart\u2019ta bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n halihaz\u0131rda kullan\u0131ld\u0131\u011f\u0131n\u0131n fark\u0131ndayd\u0131. Ertesi g\u00fcn Microsoft, Chromium tabanl\u0131 Edge taray\u0131c\u0131s\u0131nda <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-1096\" target=\"_blank\" rel=\"noopener nofollow\">ayn\u0131 g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 d\u00fczeltti<\/a>. \u015euana kadar olanlar\u0131 \u00f6zetlersek, g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanman\u0131n yaln\u0131zca m\u00fcmk\u00fcn olmad\u0131\u011f\u0131n\u0131, ayn\u0131 zamanda sald\u0131rganlar taraf\u0131ndan aktif olarak da kullan\u0131ld\u0131\u011f\u0131n\u0131 varsayabiliriz<\/p>\n<h2>28 yeni g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/h2>\n<p>En son g\u00fcncelleme ile ele al\u0131nan 28 g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan \u00e7o\u011fu (20\u2019si) ba\u011f\u0131ms\u0131z ara\u015ft\u0131rmac\u0131lar, geri kalan sekizi ise Google\u2019\u0131n kendi uzmanlar\u0131 taraf\u0131ndan ke\u015ffedildi. Y\u00fcksek \u00f6nem d\u00fczeyine sahip dokuz g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan d\u00f6rd\u00fc (CVE-2022-1125, CVE-2022-1127, CVE-2022-1131, CVE-2022-1133) use-after-free s\u0131n\u0131f\u0131na ait; \u00fc\u00e7 tanesi (CVE-2022-1128, CVE-2022-1129, CVE-2022-1132) \u00e7e\u015fitli bile\u015fenlerdeki uygunsuz uygulamalarla, bir di\u011feri (CVE-2022-1130) ise, WebOTP\u2019de g\u00fcvenilir olmayan giri\u015f konusunda yetersiz do\u011frulamayla ve geri kalan (CVE-2022-1134) da, yukar\u0131da bahsedilen CVE-2022-1096 gibi, V8 motorunda bir Type Confusion (t\u00fcr kar\u0131\u015f\u0131kl\u0131\u011f\u0131) sorunyla ilgili bir a\u00e7\u0131k.<\/p>\n<h2>Kendinizi koruman\u0131n yollar\u0131<\/h2>\n<p>\u0130lk olarak, taray\u0131c\u0131n\u0131z\u0131 en son s\u00fcr\u00fcme g\u00fcncellemeniz gerekiyor \u2014 Bu yaz\u0131n\u0131n yaz\u0131ld\u0131\u011f\u0131 s\u0131rada son s\u00fcr\u00fcm 100.0.4896.60 idi. Chrome s\u00fcr\u00fcm\u00fcn\u00fcz daha eskiyse, taray\u0131c\u0131n\u0131z\u0131n otomatik olarak g\u00fcncellenmememi\u015f demektir, bu nedenle taray\u0131c\u0131n\u0131z\u0131 <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/how-to-update-google-chrome\/10505\/\" target=\"_blank\" rel=\"noopener\">ad\u0131m ad\u0131m g\u00fcncelleme talimatlar\u0131m\u0131z\u0131<\/a> kullanarak manuel olarak g\u00fcncellemenizi \u00f6neriyoruz. Microsoft Edge kullan\u0131yorsan\u0131z, onu da g\u00fcncellemeyi unutmay\u0131n \u2014 G\u00fcncelleme, Google Chrome\u2019da oldu\u011fu gibidir.<\/p>\n<p>Ayr\u0131ca haberleri takip etmenizi ve g\u00fcvenlik \u00e7\u00f6z\u00fcmleri, taray\u0131c\u0131lar, ofis paketleri ve i\u015fletim sisteminin kendisi de dahil olmak \u00fczere en <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/5-things-that-you-must-update-asap\/9640\/\" target=\"_blank\" rel=\"noopener\">kritik programlar\u0131<\/a> zaman\u0131nda g\u00fcncellemenizi \u00f6neriyoruz.<\/p>\n<p>Bununla birlikte, g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanma giri\u015fimlerini otomatik olarak tespit edip,\u00a0<a href=\"https:\/\/www.kaspersky.com.tr\/advert\/security-cloud?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\" rel=\"noopener\">\u00f6nleyebilen g\u00fcvenilir g\u00fcvenlik \u00e7\u00f6z\u00fcmleri<\/a> kullanman\u0131z\u0131 \u00f6neriyoruz, b\u00f6ylece resmi yamalar yay\u0131nlanmadan \u00f6nce bile sald\u0131r\u0131lara kar\u015f\u0131 kendinizi koruyabilirsiniz.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc\">\n","protected":false},"excerpt":{"rendered":"<p>En son Google Chrome g\u00fcncellemesi, 10 y\u00fcksek \u00f6nem seviyesindeki g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ile birlikte daha d\u00fc\u015f\u00fck \u00f6nem seviyesindeki bir \u00e7ok kritik hatay\u0131 d\u00fczeltiyor. \u015eimdi taray\u0131c\u0131n\u0131z\u0131 g\u00fcncelleme zaman\u0131!<\/p>\n","protected":false},"author":2706,"featured_media":10590,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[16,22,790,1749],"class_list":{"0":"post-10589","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-chrome","9":"tag-google","10":"tag-guvenlik-aciklari","11":"tag-tarayicilar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/chrome-ten-high-severity-vulnerabilities\/10589\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/chrome-ten-high-severity-vulnerabilities\/24000\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/19487\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/9838\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/26310\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/chrome-ten-high-severity-vulnerabilities\/24268\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/chrome-ten-high-severity-vulnerabilities\/27029\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/chrome-ten-high-severity-vulnerabilities\/26574\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/chrome-ten-high-severity-vulnerabilities\/33016\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/44023\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/chrome-ten-high-severity-vulnerabilities\/18699\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/chrome-ten-high-severity-vulnerabilities\/19238\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/chrome-ten-high-severity-vulnerabilities\/15890\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/chrome-ten-high-severity-vulnerabilities\/28426\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/chrome-ten-high-severity-vulnerabilities\/28185\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/chrome-ten-high-severity-vulnerabilities\/24914\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/chrome-ten-high-severity-vulnerabilities\/30349\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/chrome-ten-high-severity-vulnerabilities\/30117\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10589"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10589\/revisions"}],"predecessor-version":[{"id":10591,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10589\/revisions\/10591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10590"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}