{"id":14048,"date":"2025-12-09T14:42:50","date_gmt":"2025-12-09T11:42:50","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14048"},"modified":"2025-12-09T14:42:50","modified_gmt":"2025-12-09T11:42:50","slug":"chrome-extension-security-validation","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/chrome-extension-security-validation\/14048\/","title":{"rendered":"Taray\u0131c\u0131 uzant\u0131lar\u0131: Asla g\u00fcvenmeyin, her zaman do\u011frulay\u0131n"},"content":{"rendered":"<p>K\u00f6t\u00fc ama\u00e7l\u0131 taray\u0131c\u0131 uzant\u0131lar\u0131, bir\u00e7ok kurulu\u015fun siber g\u00fcvenlik ekipleri i\u00e7in \u00f6nemli bir k\u00f6r nokta olmaya devam etmektedir. Siber su\u00e7lular\u0131n cephaneli\u011finde kal\u0131c\u0131 bir yer edinen bu ara\u00e7lar; oturum ve hesap h\u0131rs\u0131zl\u0131\u011f\u0131, casusluk, di\u011fer su\u00e7 faaliyetlerini gizleme, reklam doland\u0131r\u0131c\u0131l\u0131\u011f\u0131 ve kripto para h\u0131rs\u0131zl\u0131\u011f\u0131 i\u00e7in kullan\u0131lmaktalar. K\u00f6t\u00fc ama\u00e7l\u0131 uzant\u0131larla ilgili y\u00fcksek profilli olaylar s\u0131k s\u0131k ya\u015fanmakta; <a href=\"https:\/\/www.kaspersky.com\/blog\/chrome-extension-malicious-updates-and-mitigations\/52871\/\" target=\"_blank\" rel=\"noopener nofollow\">Cyberhaven g\u00fcvenlik uzant\u0131s\u0131n\u0131n ele ge\u00e7irilmesinden<\/a>, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/suspicious-chrome-extensions-with-6-million-installs\/13468\/\" target=\"_blank\" rel=\"noopener\">bilgi h\u0131rs\u0131zl\u0131\u011f\u0131 uzant\u0131lar\u0131n\u0131n toplu olarak yay\u0131nlanmas\u0131na<\/a> kadar \u00e7e\u015fitli olaylar meydana gelmektedir.<\/p>\n<p>Uzant\u0131lar, SaaS uygulamalar\u0131 ve web siteleri i\u00e7indeki bilgilere geni\u015f eri\u015fim ve izinler verildi\u011finden sald\u0131rganlar i\u00e7in caziptir. Ba\u011f\u0131ms\u0131z uygulamalar olmad\u0131klar\u0131 i\u00e7in, genellikle standart g\u00fcvenlik ilke ve kontrol ara\u00e7lar\u0131n\u0131 atlat\u0131rlar.<\/p>\n<p>Bir \u015firketin g\u00fcvenlik ekibi bu sorunu sistematik bir \u015fekilde ele almal\u0131d\u0131r. Taray\u0131c\u0131 uzant\u0131lar\u0131n\u0131 y\u00f6netmek i\u00e7in ilke y\u00f6netim ara\u00e7lar\u0131 ile \u00f6zel uzant\u0131 analiz hizmetleri veya yard\u0131mc\u0131 programlar\u0131n\u0131n bir kombinasyonu gerekir. Bu konu, Athanasios Giatsos\u2019un <a href=\"https:\/\/thesascon.com\" target=\"_blank\" rel=\"noopener nofollow\">Security Analyst Summit 2025<\/a>\u2018teki konu\u015fmas\u0131n\u0131n odak noktas\u0131yd\u0131.<\/p>\n<h2>Web uzant\u0131lar\u0131n\u0131n tehdit yetenekleri ve Manifest V3\u2019teki yenilikler<\/h2>\n<p>Bir taray\u0131c\u0131n\u0131n web uzant\u0131s\u0131, web sayfas\u0131 bilgilerine geni\u015f eri\u015fim hakk\u0131na sahiptir; web uygulamas\u0131 arac\u0131l\u0131\u011f\u0131yla kullan\u0131c\u0131n\u0131n eri\u015febilece\u011fi t\u00fcm verileri okuyabilir ve de\u011fi\u015ftirebilir, buna finansal veya t\u0131bbi kay\u0131tlar da dahildir. Uzant\u0131lar ayr\u0131ca genellikle kullan\u0131c\u0131lar taraf\u0131ndan g\u00f6r\u00fclmeyen \u00e7erezler, yerel depolama ve proxy ayarlar\u0131 gibi \u00f6nemli verilere eri\u015fim sa\u011flar. Bu, oturum ele ge\u00e7irmeyi b\u00fcy\u00fck \u00f6l\u00e7\u00fcde kolayla\u015ft\u0131r\u0131r. Bazen, uzant\u0131lar\u0131n yetenekleri web sayfalar\u0131n\u0131n \u00e7ok \u00f6tesine ge\u00e7er: Kullan\u0131c\u0131n\u0131n konumuna, taray\u0131c\u0131 indirmelerine, masa\u00fcst\u00fc ekran g\u00f6r\u00fcnt\u00fcs\u00fcne, pano i\u00e7eri\u011fine ve taray\u0131c\u0131 bildirimlerine eri\u015febilirler.<\/p>\n<p>Daha \u00f6nce bask\u0131n olan uzant\u0131 mimarisinde; Chrome, Edge, Opera, Vivaldi, Firefox ve Safari\u2019de \u00e7al\u0131\u015fan Manifest V2 uzant\u0131lar\u0131, yetenekleri a\u00e7\u0131s\u0131ndan tam donan\u0131ml\u0131 uygulamalardan neredeyse ay\u0131rt edilemez. Arka plan komut dosyalar\u0131n\u0131 s\u00fcrekli \u00e7al\u0131\u015ft\u0131rabilir, g\u00f6r\u00fcnmeyen web sayfalar\u0131n\u0131 a\u00e7\u0131k tutabilir, harici web sitelerinden komut dosyalar\u0131n\u0131 y\u00fckleyip \u00e7al\u0131\u015ft\u0131rabilir ve verileri almak veya g\u00f6ndermek i\u00e7in rastgele sitelerle ileti\u015fim kurabilirler. Olas\u0131 k\u00f6t\u00fcye kullan\u0131mlar\u0131 \u00f6nlemek ve <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/best-private-browser-in-2025\/13233\/\" target=\"_blank\" rel=\"noopener\">reklam engelleyicileri<\/a> s\u0131n\u0131rlamak i\u00e7in Google, Chromium ve Chrome\u2019u Manifest V3\u2019e ge\u00e7irdi. Bu g\u00fcncelleme bir\u00e7ok uzant\u0131 \u00f6zelli\u011fini s\u0131n\u0131rlad\u0131 veya engelledi. Uzant\u0131lar art\u0131k ileti\u015fim kurduklar\u0131 t\u00fcm siteleri beyan etmek ve kal\u0131c\u0131 arka plan komut dosyalar\u0131 yerine k\u0131sa \u00f6m\u00fcrl\u00fc mikro hizmetler kullanmak zorundad\u0131rlar, ayr\u0131ca dinamik olarak y\u00fcklenen \u00fc\u00e7\u00fcnc\u00fc taraf kodlar\u0131 \u00e7al\u0131\u015ft\u0131rmalar\u0131 da yasakt\u0131r. Yeni mimari nedeniyle baz\u0131 sald\u0131r\u0131 t\u00fcrlerinin ger\u00e7ekle\u015ftirilmesi art\u0131k daha zor olsa da, sald\u0131rganlar gizlilikten \u00f6d\u00fcn vererek gerekli i\u015flevlerin \u00e7o\u011funu korumak i\u00e7in k\u00f6t\u00fc ama\u00e7l\u0131 kodlar\u0131n\u0131 kolayca yeniden yazabilirler. Bu nedenle, bir kurulu\u015f i\u00e7inde yaln\u0131zca Manifest V3 alt\u0131nda \u00e7al\u0131\u015fan taray\u0131c\u0131lara ve uzant\u0131lara g\u00fcvenmek izlemeyi basitle\u015ftirir, ancak her derde deva de\u011fildir.<\/p>\n<p>Ayr\u0131ca, V3 uzant\u0131larla ilgili temel sorunu ele almamakta: uzant\u0131lar genellikle resmi uygulama ma\u011fazalar\u0131ndan, Google, Microsoft veya Mozilla\u2019n\u0131n yasal alan adlar\u0131 kullan\u0131larak indirilmektedir. Bu etkinlikler taray\u0131c\u0131 taraf\u0131ndan ba\u015flat\u0131lm\u0131\u015f gibi g\u00f6r\u00fcnd\u00fc\u011f\u00fcnden, bir uzant\u0131 taraf\u0131ndan ger\u00e7ekle\u015ftirilen eylemleri kullan\u0131c\u0131n\u0131n manuel olarak ger\u00e7ekle\u015ftirdi\u011fi eylemlerden ay\u0131rt etmek son derece zordur.<\/p>\n<h2>K\u00f6t\u00fc ama\u00e7l\u0131 uzant\u0131lar nas\u0131l ortaya \u00e7\u0131k\u0131yor?<\/h2>\n<p>Athanasios Giatsos, kamuoyuna yans\u0131yan \u00e7e\u015fitli olaylardan yola \u00e7\u0131karak, k\u00f6t\u00fc ama\u00e7l\u0131 uzant\u0131lar\u0131n ortaya \u00e7\u0131kabilece\u011fi birka\u00e7 senaryoyu \u00f6ne \u00e7\u0131karmaktad\u0131r:<\/p>\n<ul>\n<li>Orijinal geli\u015ftirici, yasal ve pop\u00fcler bir uzant\u0131 satmaktad\u0131r. Al\u0131c\u0131 daha sonra reklam g\u00f6sterimi, casusluk veya di\u011fer k\u00f6t\u00fc ama\u00e7lar i\u00e7in k\u00f6t\u00fc ama\u00e7l\u0131 kodlarla onu \u201cgeli\u015ftirir\u201d. \u00d6rnekler aras\u0131nda <a href=\"https:\/\/securityaffairs.com\/114272\/malware\/the-great-suspender-extension-malware.html\" target=\"_blank\" rel=\"noopener nofollow\">The Great Suspender<\/a> ve <a href=\"https:\/\/krebsonsecurity.com\/2020\/03\/the-case-for-limiting-your-browser-extensions\/\" target=\"_blank\" rel=\"noopener nofollow\">Page Ruler<\/a> say\u0131labilir.<\/li>\n<li>Sald\u0131rganlar, <a href=\"https:\/\/www.cyberhaven.com\/engineering-blog\/cyberhavens-preliminary-analysis-of-the-recent-malicious-chrome-extension\" target=\"_blank\" rel=\"noopener nofollow\">Cyberhaven<\/a> \u00f6rne\u011finde oldu\u011fu gibi, geli\u015ftiricinin hesab\u0131n\u0131 ele ge\u00e7irir ve mevcut bir uzant\u0131 i\u00e7in trojan i\u00e7eren bir g\u00fcncelleme yay\u0131nlar.<\/li>\n<li>Uzant\u0131, ba\u015f\u0131ndan itibaren k\u00f6t\u00fc ama\u00e7l\u0131 olacak \u015fekilde tasarlanm\u0131\u015ft\u0131r. Ya sahte <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/dangerous-browser-extensions-2023\/11947\/#:~:text=Rilide%2C%20%C5%9F%C3%BCphe%20%C3%A7ekmemek%20i%C3%A7in%20ger%C3%A7ek%20bir%20Google%20Drive%20uzant%C4%B1s%C4%B1n%C4%B1%20taklit%20ederek%20Chrome%2C%20Edge%2C%20Brave%20ve%20Opera%20gibi%20Chromium%20tabanl%C4%B1%20taray%C4%B1c%C4%B1%20kullan%C4%B1c%C4%B1lar%C4%B1na%20sald%C4%B1r%C4%B1yor\" target=\"_blank\" rel=\"noopener\">Save to Google Drive<\/a> arac\u0131 gibi yararl\u0131 bir yard\u0131mc\u0131 program gibi g\u00f6r\u00fcn\u00fcr ya da mevcut d\u00fczinelerce AdBlock klonu gibi pop\u00fcler uzant\u0131lar\u0131n adlar\u0131n\u0131 ve tasar\u0131mlar\u0131n\u0131 taklit eder.<\/li>\n<li>Bu plan\u0131n daha geli\u015fmi\u015f bir versiyonu, uzant\u0131y\u0131 ba\u015flang\u0131\u00e7ta temiz bir durumda yay\u0131nlamay\u0131 i\u00e7erir; bu durumda uzant\u0131 ger\u00e7ekten yararl\u0131 bir i\u015flev yerine getirir. K\u00f6t\u00fc ama\u00e7l\u0131 eklentiler, uzant\u0131 yeterince pop\u00fcler hale geldikten birka\u00e7 hafta veya hatta birka\u00e7 ay sonra eklenir. <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/dangerous-browser-extensions-2023\/11947\/#:~:text=Sahte%20ChatGPT%20uzant%C4%B1lar%C4%B1%20Facebook%20hesaplar%C4%B1n%C4%B1%20ele%20ge%C3%A7iriyor\" target=\"_blank\" rel=\"noopener\">ChatGPT for Google<\/a> bunun bir \u00f6rne\u011fidir.<\/li>\n<\/ul>\n<p>T\u00fcm bu senaryolarda, uzant\u0131 Chrome Web Ma\u011fazas\u0131nda yayg\u0131n olarak mevcuttur ve bazen reklamlar\u0131 bile yap\u0131lmaktad\u0131r. Ancak, kimlik av\u0131 sayfalar\u0131 veya mesajlar\u0131 kurbanlar\u0131 <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/dangerous-browser-extensions-2023\/11947\/#:~:text=ChromeLoader%3A%20K%C3%B6t%C3%BC%20ama%C3%A7l%C4%B1%20uzant%C4%B1lar%20i%C3%A7eren%20korsan%20i%C3%A7erik\" target=\"_blank\" rel=\"noopener\">herkese a\u00e7\u0131k olmayan<\/a> k\u00f6t\u00fc ama\u00e7l\u0131 bir uzant\u0131y\u0131 y\u00fcklemeye y\u00f6nlendiren hedefli sald\u0131r\u0131 senaryolar\u0131 da vard\u0131r.<\/p>\n<p>Chrome Web Ma\u011fazas\u0131 arac\u0131l\u0131\u011f\u0131yla merkezi da\u011f\u0131t\u0131m, taray\u0131c\u0131 ve uzant\u0131lar i\u00e7in otomatik g\u00fcncellemelerle birle\u015fti\u011finde, kullan\u0131c\u0131lar genellikle fark\u0131nda olmadan ve hi\u00e7bir \u00e7aba sarf etmeden k\u00f6t\u00fc ama\u00e7l\u0131 bir uzant\u0131ya sahip olurlar. Bilgisayara \u00f6nceden y\u00fcklenmi\u015f bir uzant\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 bir g\u00fcncelleme al\u0131rsa, bu g\u00fcncelleme otomatik olarak y\u00fcklenir.<\/p>\n<h2>K\u00f6t\u00fc ama\u00e7l\u0131 uzant\u0131lara kar\u015f\u0131 kurumsal savunma mekanizmalar\u0131<\/h2>\n<p>Athanasios konu\u015fmas\u0131nda bir dizi genel \u00f6neride bulundu:<\/p>\n<ul>\n<li>Taray\u0131c\u0131 uzant\u0131lar\u0131n\u0131n kullan\u0131m\u0131na ili\u015fkin bir \u015firket ilkesi benimseyin.<\/li>\n<li>Siber g\u00fcvenlik ve BT departmanlar\u0131 taraf\u0131ndan onaylanan listede a\u00e7\u0131k\u00e7a belirtilmeyen t\u00fcm uzant\u0131lar\u0131 yasaklay\u0131n.<\/li>\n<li>Y\u00fckl\u00fc t\u00fcm uzant\u0131lar\u0131 ve s\u00fcr\u00fcmlerini s\u00fcrekli olarak denetleyin.<\/li>\n<li>Uzant\u0131lar g\u00fcncellendi\u011finde, bunlara verilen izinlerdeki de\u011fi\u015fiklikleri takip edin ve uzant\u0131lar\u0131n veya geli\u015ftirici ekibinin sahipli\u011findeki de\u011fi\u015fiklikleri izleyin.<\/li>\n<li>Taray\u0131c\u0131 uzant\u0131lar\u0131n\u0131n kullan\u0131m\u0131na ili\u015fkin riskler ve kurallar hakk\u0131nda bilgileri, t\u00fcm \u00e7al\u0131\u015fanlara y\u00f6nelik g\u00fcvenlik bilinci e\u011fitim programlar\u0131na dahil edin.<\/li>\n<\/ul>\n<p>Bu \u00f6nerilere birka\u00e7 pratik bilgi ve \u00f6zel hususlar ekliyoruz.<\/p>\n<p><strong>K\u0131s\u0131tlanm\u0131\u015f uzant\u0131 ve taray\u0131c\u0131 listesi:<\/strong> \u015eirketin resmi olarak onaylanm\u0131\u015f taray\u0131c\u0131s\u0131nda g\u00fcvenlik ilkeleri uygulamakla birlikte, ta\u015f\u0131nabilir s\u00fcr\u00fcmlerin ve <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/ai-browser-security-privacy-risks\/13779\/\" target=\"_blank\" rel=\"noopener\">Comet gibi pop\u00fcler yapay zeka taray\u0131c\u0131lar\u0131n<\/a> veya ayn\u0131 tehlikeli uzant\u0131lar\u0131n y\u00fcklenmesine izin veren di\u011fer yetkisiz \u00e7\u00f6z\u00fcmlerin y\u00fcklenmesini yasaklamak da \u00e7ok \u00f6nemlidir. Bu ad\u0131m\u0131 uygularken, yerel y\u00f6netici ayr\u0131cal\u0131klar\u0131n\u0131n yaln\u0131zca BT personeli ve i\u015f g\u00f6revleri gere\u011fi bu ayr\u0131cal\u0131klara kesinlikle ihtiya\u00e7 duyan di\u011fer personel ile s\u0131n\u0131rl\u0131 oldu\u011fundan emin olun.<\/p>\n<p>\u015eirketin ana taray\u0131c\u0131s\u0131 i\u00e7in uygulanan ilke kapsam\u0131nda, geli\u015ftirici modunu devre d\u0131\u015f\u0131 b\u0131rakmal\u0131 ve yerel dosyalardan uzant\u0131 y\u00fcklemesini yasaklamal\u0131s\u0131n\u0131z. Chrome i\u00e7in bunu <a href=\"https:\/\/support.google.com\/chrome\/a\/answer\/6177431?hl=tr\" target=\"_blank\" rel=\"noopener nofollow\">Y\u00f6netici konsolu<\/a> \u00fczerinden y\u00f6netebilirsiniz. Bu ayarlar Windows Grup \u0130lkeleri, macOS yap\u0131land\u0131rma profilleri veya Linux\u2019ta bir <a href=\"https:\/\/support.google.com\/chrome\/a\/answer\/7517525?hl=tr\" target=\"_blank\" rel=\"noopener nofollow\">JSON ilke dosyas\u0131<\/a> arac\u0131l\u0131\u011f\u0131yla da kullan\u0131labilir.<\/p>\n<p><strong>Y\u00f6netilen g\u00fcncellemeler:<\/strong> \u0130zin verilen uzant\u0131lar\u0131n g\u00fcncellemelerinin \u015firket genelinde hemen y\u00fcklenmesini \u00f6nlemek i\u00e7in <a href=\"https:\/\/support.google.com\/chrome\/a\/answer\/11190170?hl=tr\" target=\"_blank\" rel=\"noopener nofollow\">s\u00fcr\u00fcm sabitleme<\/a> \u00f6zelli\u011fini uygulay\u0131n. BT ve siber g\u00fcvenlik ekipleri, onaylanm\u0131\u015f uzant\u0131lar\u0131n yeni s\u00fcr\u00fcmlerini d\u00fczenli olarak test etmeli ve g\u00fcncellenmi\u015f s\u00fcr\u00fcmleri ancak incelendikten sonra sabitlemelidir.<\/p>\n<p><strong>\u00c7ok katmanl\u0131 savunma:<\/strong> Kullan\u0131c\u0131lar\u0131n yetkisiz taray\u0131c\u0131lar\u0131 ba\u015flatmas\u0131n\u0131 \u00f6nlemek, k\u00f6t\u00fc ama\u00e7l\u0131 kimlik av\u0131 sitelerini ziyaret etme risklerini azaltmak ve k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m indirmelerini engellemek i\u00e7in t\u00fcm kurumsal cihazlara bir <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/endpoint-detection-response-edr?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">EDR ajan\u0131<\/a> y\u00fcklemek zorunludur. \u015e\u00fcpheli ana bilgisayarlarla ileti\u015fim ve di\u011fer anormallikleri ger\u00e7ek zamanl\u0131 olarak tespit etmek i\u00e7in, g\u00fcvenlik duvar\u0131 d\u00fczeyinde DNS isteklerini ve taray\u0131c\u0131 a\u011f trafi\u011fini izlemek de gereklidir.<\/p>\n<p><strong>S\u00fcrekli izleme:<\/strong> EDR ve <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/unified-monitoring-and-analysis-platform?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">SIEM<\/a> \u00e7\u00f6z\u00fcmlerini kullanarak \u00e7al\u0131\u015fanlar\u0131n i\u015f istasyonlar\u0131ndan taray\u0131c\u0131 durumu ayr\u0131nt\u0131lar\u0131n\u0131 toplay\u0131n. Bu, y\u00fckl\u00fc her taray\u0131c\u0131daki uzant\u0131lar\u0131n listesini ve s\u00fcr\u00fcm ve izin analizi i\u00e7in manifest dosyalar\u0131n\u0131 i\u00e7erir. Bu, yeni uzant\u0131lar\u0131n y\u00fcklenmesini veya s\u00fcr\u00fcm\u00fcn g\u00fcncellenmesini ve izin de\u011fi\u015fikliklerinin yap\u0131lmas\u0131n\u0131 h\u0131zl\u0131 bir \u015fekilde belirlemeye olanak tan\u0131r.<\/p>\n<h2>Taray\u0131c\u0131 uzant\u0131lar\u0131n\u0131 nas\u0131l inceleyebilirim?<\/h2>\n<p>Yukar\u0131da bahsedilen kontrolleri uygulamak i\u00e7in, \u015firketin onaylanm\u0131\u015f ve yasaklanm\u0131\u015f uzant\u0131lar\u0131n i\u00e7 veri taban\u0131na ihtiyac\u0131 vard\u0131r. Ne yaz\u0131k ki, uygulama ma\u011fazalar\u0131 ve taray\u0131c\u0131lar, kurumsal \u00f6l\u00e7ekte bir risk de\u011ferlendirmesi yapmak veya b\u00f6yle bir listeyi otomatik olarak olu\u015fturmak i\u00e7in herhangi bir mekanizma sunmamaktad\u0131rlar. Bu nedenle, siber g\u00fcvenlik ekibi hem bu s\u00fcreci hem de listeyi olu\u015fturmal\u0131d\u0131r. \u00c7al\u0131\u015fanlar ayr\u0131ca, onaylanm\u0131\u015f listeye uzant\u0131 eklemek i\u00e7in resmi bir ba\u015fvuru prosed\u00fcr\u00fcne ihtiya\u00e7 duyacaklard\u0131r.<\/p>\n<p>\u0130\u015f ihtiya\u00e7lar\u0131n\u0131n ve mevcut alternatiflerin de\u011ferlendirilmesinin ilgili i\u015f biriminin bir temsilcisi ile birlikte ger\u00e7ekle\u015ftirilmesi en uygunudur. Bununla birlikte, risk de\u011ferlendirmesi tamamen g\u00fcvenlik ekibinin sorumlulu\u011funda kalmaktad\u0131r. Uzant\u0131lar\u0131 manuel olarak indirip farkl\u0131 uzant\u0131 ma\u011fazalar\u0131nda \u00e7apraz referanslamak gerekmez. Bu g\u00f6rev, a\u00e7\u0131k kaynakl\u0131 yard\u0131mc\u0131 programlar, \u00fccretsiz \u00e7evrimi\u00e7i hizmetler ve ticari platformlar gibi \u00e7e\u015fitli ara\u00e7larla ger\u00e7ekle\u015ftirilebilir.<\/p>\n<p><a href=\"https:\/\/spin.ai\/application-risk-assessment\/\" target=\"_blank\" rel=\"noopener nofollow\">Spin.AI<\/a> ve <a href=\"https:\/\/dex.koi.security\/\" target=\"_blank\" rel=\"noopener nofollow\">Koidex<\/a> (eski ad\u0131yla ExtensionTotal) gibi hizmetler, genel risk profilini \u00f6l\u00e7mek i\u00e7in kullan\u0131labilir. Her ikisi de pop\u00fcler uzant\u0131lar\u0131n bir veri taban\u0131n\u0131 tutar, bu nedenle de\u011ferlendirme genellikle an\u0131nda yap\u0131l\u0131r. LLM\u2019leri kullanarak uzant\u0131n\u0131n \u00f6zelliklerinin k\u0131sa bir \u00f6zetini olu\u015ftururlar, ancak gerekli izinler, geli\u015ftiricinin profili, s\u00fcr\u00fcm ge\u00e7mi\u015fi, derecelendirmeler ve indirmeler dahil olmak \u00fczere ayr\u0131nt\u0131lar da sa\u011flarlar.<\/p>\n<p>Uzant\u0131larla ilgili temel verileri incelemek i\u00e7in <a href=\"https:\/\/chrome-stats.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Chrome-Stats<\/a>\u2018\u0131 da kullanabilirsiniz. \u00d6ncelikle uzant\u0131 geli\u015ftiricileri i\u00e7in tasarlanm\u0131\u015f olsa da, bu hizmet derecelendirmeleri, yorumlar\u0131 ve di\u011fer ma\u011faza verilerini g\u00f6r\u00fcnt\u00fcler. En \u00f6nemlisi, kullan\u0131c\u0131lar\u0131n bir uzant\u0131n\u0131n mevcut ve \u00f6nceki birka\u00e7 s\u00fcr\u00fcm\u00fcn\u00fc do\u011frudan indirebilmesini sa\u011flar, bu da olay ara\u015ft\u0131rmas\u0131n\u0131 basitle\u015ftirir.<\/p>\n<p>\u015e\u00fcpheli veya g\u00f6rev a\u00e7\u0131s\u0131ndan kritik uzant\u0131lar\u0131 daha derinlemesine analiz etmek i\u00e7in <a href=\"https:\/\/github.com\/Rob--W\/crxviewer\" target=\"_blank\" rel=\"noopener nofollow\">CRX Viewer<\/a> gibi ara\u00e7lar\u0131 kullanabilirsiniz. Bu ara\u00e7, analistlerin uzant\u0131n\u0131n i\u00e7 bile\u015fenlerini incelemelerine olanak tan\u0131r ve HTML ve JavaScript koduna odaklanarak i\u00e7eri\u011fi kolayca filtreler ve g\u00f6r\u00fcnt\u00fcler.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\"><input type=\"hidden\" class=\"placeholder_for_banner\" data-cat_id=\"mdr\" value=\"13478\">\n","protected":false},"excerpt":{"rendered":"<p>Kurulu\u015flar\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 taray\u0131c\u0131 uzant\u0131lar\u0131na kar\u015f\u0131 savunma amac\u0131yla kullanabilecekleri sistematik \u00f6nlemler ve ara\u00e7lar.<\/p>\n","protected":false},"author":2722,"featured_media":14049,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[16,612,21,1274,1525,1969,337,561,1749,537,878,2819,1750],"class_list":{"0":"post-14048","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-chrome","10":"tag-dolandiricilik","11":"tag-firefox","12":"tag-is","13":"tag-parolalar","14":"tag-safari","15":"tag-sas","16":"tag-sifreler","17":"tag-tarayicilar","18":"tag-tehditler","19":"tag-teknoloji","20":"tag-thesas2025","21":"tag-uzantilar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/chrome-extension-security-validation\/14048\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/chrome-extension-security-validation\/29851\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/chrome-extension-security-validation\/24921\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/chrome-extension-security-validation\/13036\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/chrome-extension-security-validation\/29747\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/chrome-extension-security-validation\/28795\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/chrome-extension-security-validation\/31684\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/chrome-extension-security-validation\/30323\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/chrome-extension-security-validation\/40914\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/chrome-extension-security-validation\/54795\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/chrome-extension-security-validation\/23425\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/chrome-extension-security-validation\/32947\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/chrome-extension-security-validation\/35680\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/chrome-extension-security-validation\/35308\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tarayicilar\/","name":"taray\u0131c\u0131lar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14048"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14048\/revisions"}],"predecessor-version":[{"id":14051,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14048\/revisions\/14051"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14049"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}