Kaspersky discovers a vulnerability affecting Google Chrome

Kaspersky recently discovered a new exploit that takes advantage of a previously unknown flaw in Chrome. Google has confirmed the zero-day vulnerability in its browser, which has already been catalogued as CVE-2019-13720.

The vulnerability can be exploited through an injection attack similar to a "watering hole" attack. This kind of attack is named after a predator that, rather than hunting its prey, prefers to wait in a place where it is sure the prey will come (in this case, a watering hole).

The attack was discovered on a Korean information portal, where malicious JavaScript code had been inserted into the main page, which in turn loads a script from a remote site.

A small snippet of JavaScript code was inserted into the web page, and it loaded the remote script from code.jquery.cdn.bahindcorona
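A defender-side check for the injection pattern described above, as an added example that is not from the original article or from Kaspersky: it audits a page's static script includes against an allow-list and flags hosts that imitate a well-known CDN name. The allow-list, brand tokens, host names and sample HTML are constructed assumptions.

```javascript
// Added example: audit <script src> hosts of a page against an allow-list.
// Every host and the HTML below are constructed sample data.
const ALLOWED_SCRIPT_HOSTS = new Set(["portal.example.kr", "code.jquery.com"]);
const BRAND_TOKENS = ["jquery", "googleapis", "cloudflare"];

const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script type="text/javascript" src='//code.jquery.cdn.example.net/jquery.js'></script>
<script src=https://stats.example.org/t.js></script>
<script>var inline = 1;</script>
</head></html>`;

// Collect src values (double-quoted, single-quoted or unquoted) of script tags.
function extractScriptSources(html) {
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const sources = [];
  let m;
  while ((m = re.exec(html)) !== null) sources.push(m[1] ?? m[2] ?? m[3]);
  return sources;
}

// Resolve each src against the page URL and report hosts outside the allow-list.
// A host that contains a CDN brand name without being the real CDN is a lookalike.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const src of extractScriptSources(html)) {
    let host;
    try {
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, reason: "unparseable-url" });
      continue;
    }
    if (ALLOWED_SCRIPT_HOSTS.has(host)) continue;
    const brand = BRAND_TOKENS.find((t) => host.includes(t));
    findings.push({ src, host, reason: brand ? `lookalike:${brand}` : "not-allow-listed" });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML, "https://portal.example.kr/")) {
  console.log(`${f.reason}\t${f.host}\t${f.src}`);
}
```

A `script-src` Content-Security-Policy enforces the same allow-list in the browser, including for scripts added at run time, which this static scan does not see.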

That script then loads another script. This script checks whether the victim's system can be infected by comparing against the browser's user agent, which must be running on a 64-bit version of Windows and must not be a WOW64 process.

It also tries to obtain the browser's name and version. The exploit tries to take advantage of a bug in the Google Chrome browser, and the script checks whether the version is greater than or equal to 65 (the current Chrome version is 78).

The profiling script verifies the Chrome version. If the browser version is validated, the script starts issuing a series of AJAX requests to the attacker-controlled server, where the path name indicates the argument passed to the script.

The first request is needed to obtain important information for later use. This information includes several encoded strings that tell the script how many chunks of the actual exploit code to download from the server, as well as a URL to an image file that embeds a key for the final payload and an RC4 key to decrypt the chunks of exploit code.

Most of the code uses several classes related to a certain vulnerable component of the browser. Since this bug had not yet been fixed at the time of writing, Kaspersky decided not to include details about the specific vulnerable component.

There are also some large tables of numbers that represent a shellcode block and an embedded PE image.

The exploit takes advantage of a race condition between two threads caused by a lack of proper synchronization between them. This gives the attacker a very dangerous use-after-free (UaF) condition, because it can lead to code execution scenarios, which is exactly what happens in this case.

The exploit first tries to make the UaF leak important 64-bit addresses (as a pointer). This results in several things:

  1. if an address is leaked successfully, it means the exploit is working correctly
  2. the leaked address is used to find out where the heap/stack is located, which defeats the Address Space Layout Randomization (ASLR) technique
  3. some other useful pointers for further exploitation can be located by searching near this address.

After that, it tries to create a large group of objects using a recursive function. This is done to create a deterministic heap layout, which is important for successful exploitation.

At the same time, it tries to use a heap spraying technique that aims to reuse the same pointer that was previously freed in the UaF part.

This trick can be used to cause confusion and give the attacker the ability to operate on two different objects (from the JavaScript point of view), even though they are actually located in the same memory region.

Google has released a Chrome update that fixes the flaw on Windows, macOS, and Linux, and users are encouraged to update to Chrome version 78.0.3904.87.
