{"id":6607,"date":"2019-11-05T11:46:21","date_gmt":"2019-11-05T08:46:21","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6607"},"modified":"2022-05-05T14:26:43","modified_gmt":"2022-05-05T11:26:43","slug":"google-chrome-zeroday-wizardopium","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/google-chrome-zeroday-wizardopium\/6607\/","title":{"rendered":"Chrome targeted by a zero-day"},"content":{"rendered":"<p>Thanks to the Kaspersky Exploit Prevention subsystem in our products, we recently detected a malicious program that gives attackers unauthorized access to computers by exploiting a vulnerability in the Google Chrome browser. The program uses a zero-day vulnerability, that is, one the developers were not yet aware of. The vulnerability has been assigned the identifier CVE-2019-13720.<\/p>\n<p>We reported the vulnerability to Google, and Google fixed it in the latest <a href=\"https:\/\/chromereleases.googleblog.com\/2019\/10\/stable-channel-update-for-desktop_31.html\" target=\"_blank\" rel=\"noopener nofollow\">Chrome update<\/a>. In this post we describe how the attack that uses this vulnerability is carried out.<\/p>\n<h2>WizardOpium: bad news in Korean<\/h2>\n<p>These attacks, which we have named Operation WizardOpium, began on a Korean news site where the attackers had planted malicious code. 
This malicious code loads a script from a third-party site to check whether the system is suitable for infection and which browser the user is running (the attackers are interested in versions of Chrome for Windows no older than version 65).<\/p>\n<p>If the operating system and browser meet the requirements, the script downloads the malicious software piece by piece, then reassembles and decrypts it. The first thing this exploit does is check the Chrome version once more. At this stage it becomes more selective and works only with Chrome 76 or 77. The cybercriminals may have other tools for different versions of the browser, but we cannot say that for certain.<\/p>\n<p>Once the exploit is sure it has found what it is looking for, it tries to take advantage of CVE-2019-13720, a \u201cuse-after-free\u201d vulnerability based on improper use of computer memory. By manipulating memory, the exploit gains permission to read and write data on the device, and it immediately uses that permission to download, decrypt, and run the malware. 
The latter can vary depending on the user.<\/p>\n<p>Kaspersky products detect this exploit with the verdict Exploit.Win32.Generic. You can find more technical details in the <a href=\"https:\/\/securelist.com\/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium\/94866\/\" target=\"_blank\" rel=\"noopener\">Securelist post<\/a>.<\/p>\n<h3>Update Chrome<\/h3>\n<p>Even if you do not browse Korean news sites, we recommend updating Chrome to version 78.0.3904.87 right away. The existence of one exploit for this vulnerability means that others may follow. That is most likely what will happen soon after the details of the vulnerability become freely available.<\/p>\n<p>Google has released a Chrome update for Windows, macOS, and Linux. Chrome updates automatically, so restarting the browser is all that is needed.<\/p>\n<p>To be sure, though, check whether the update is installed. To do so, click the three vertical dots in the upper-right corner of the browser (\u201cCustomize and control Google Chrome\u201d) and select <em>Help \u2192 About Google Chrome<\/em>. If the number shown there is 78.0.3904.87 or higher, everything is fine. 
If not, Chrome will start looking for and installing available updates (you will see a spinning circle on the left), and after a few seconds the latest version number will appear on the screen; then click <em>Relaunch<\/em>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>A patch has been released for a Chrome vulnerability that attackers are exploiting. We recommend updating your browser right away.<\/p>\n","protected":false},"author":2706,"featured_media":6608,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[16,1737,22,790,2053,2052,1749,2054],"class_list":{"0":"post-6607","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-chrome","10":"tag-cve","11":"tag-google","12":"tag-guvenlik-aciklari","13":"tag-hedef-gozeten-saldirlar","14":"tag-kotuye-kullanim","15":"tag-tarayicilar","16":"tag-wizardopium"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/google-chrome-zeroday-wizardopium\/6607\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-chrome-zeroday-wizardopium\/16856\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-chrome-zeroday-wizardopium\/14232\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/google-chrome-zeroday-wizardopium\/6568\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-chrome-zeroday-wizardopium\/18828\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-chrome-zeroday-wizardopium\/16875\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/goo
gle-chrome-zeroday-wizardopium\/15636\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/google-chrome-zeroday-wizardopium\/19560\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/google-chrome-zeroday-wizardopium\/18194\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/google-chrome-zeroday-wizardopium\/23925\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-chrome-zeroday-wizardopium\/29126\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/google-chrome-zeroday-wizardopium\/12486\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/google-chrome-zeroday-wizardopium\/12501\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/google-chrome-zeroday-wizardopium\/11389\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/google-chrome-zeroday-wizardopium\/20442\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/google-chrome-zeroday-wizardopium\/24413\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/google-chrome-zeroday-wizardopium\/24337\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/google-chrome-zeroday-wizardopium\/19299\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-chrome-zeroday-wizardopium\/23611\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-chrome-zeroday-wizardopium\/23459\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\
/wp-json\/wp\/v2\/comments?post=6607"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6607\/revisions"}],"predecessor-version":[{"id":6703,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6607\/revisions\/6703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/6608"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}