Muva nje, UKaspersky uthole ukuxhashazwa okusha okusizakale ngephutha elingaziwa ku-Chrome, iGoogle ekuqinisekisile ukuthi ikhona ukuba sengozini kosuku olungu-zero esipheqululini sakho nokuthi sesivele senziwe ikhathalogu njenge I-CVE-2019-13720.
Lokhu kuba sengozini ingaxhashazwa kusetshenziswa ukuhlasela kusetshenziswa umjovo ofana ne- ukuhlaselwa kwe- "Ukunisela iHole". Lolu hlobo lokuhlaselwa lubhekisa kumzingeli okuthi, esikhundleni sokufuna inyamazane, uncamela ukulinda endaweni lapho kuqinisekile ukuthi izofika khona (kulokhu, endaweni yokuphuza amanzi).
Kusukela ukuhlaselwa kwatholakala engxenyeni yolwazi ngesiKorea, lapho kufakwe khona ikhodi enonya yeJavaScript ekhasini eliyinhloko, nalo elilayisha iskripthi esivela kusayithi elikude.
Ukufaka okuncane kwekhodi yeJavaScript kwafakwa enkombeni yekhasi lewebhu elayishe iskripthi esikude kusuka ku- ikhodi.jquery.cdn.behindcorona
Iskripthi bese silayisha omunye umbhalo. Lo mbhalo ubheka ukuthi ngabe uhlelo lwesisulu lungatheleleka ngokwenza ukuqhathanisa nomenzeli womsebenzisi wesiphequluli, okumele ngabe sisebenza kunguqulo engu-64-bit yeWindows futhi hhayi inqubo ye-WOW64.
Futhi zama ukuthola igama nenguqulo yesiphequluli. Ukuba sengozini kuzama ukuxhaphaza isiphazamisi esipheqululini se-Google Chrome bese iskripthi sihlola ukuthi ingabe inguqulo inkulu noma ilingana nama-65 (inguqulo yamanje ye-Chrome ingama-78).
Inguqulo ye-Chrome iqinisekisa iskripthi sokuphrinta. Uma inguqulo yesiphequluli iqinisekisiwe, iskripthi siqala ukwenza uchungechunge lwezicelo ze-AJAX kuseva elawulwa ngumhlaseli, lapho igama lendlela likhomba kwingxabano edluliselwe kuskripthi.
Isicelo sokuqala siyadingeka ngolwazi olubalulekile oluzosetshenziswa kamuva. Lolu lwazi lubandakanya izintambo ezifakiwe eziningi ze-hex ezitshela iskripthi ukuthi zingaki iziqephu zekhodi yokuxhaphaza yangempela ongayilanda kusuka kuseva, kanye ne-URL efayeleni lesithombe efaka ukhiye wokulayisha kokugcina kanye nokhiye we-RC4 ukuze ushumpule iziqephu ze- ikhodi. yokuxhashazwa.
Iningi lekhodi isebenzisa amakilasi ahlukahlukene ahlobene nengxenye ethile yesiphequluli esengozini. Njengoba le bug yayingakalungiswa ngesikhathi sokubhala, uKaspersky uthathe isinqumo sokungafaki imininingwane mayelana nengxenye ethile esengozini.
Kunamatafula amakhulu anezinombolo ezimele i-shellcode block nesithombe se-PE esishumekiwe.
Ukuxhaphaza kusebenzise iphutha lesimo somjaho phakathi kwemicu emibili ngenxa yokushoda kwesikhathi esifanele phakathi kwazo. Lokhu kunikeza umhlaseli isimo esiyingozi kakhulu sokusebenzisa ngemuva kokukhishwa (i-UaF) ngoba kungaholela ezimweni zokwenza ikhodi, okuyikho kanye okwenzekayo kuleli cala.
Ukuxhaphaza kuqala kuzama ukwenza i-UaF ilahle imininingwane ebalulekile Ikheli elingu-64-bit (njengesikhombi). Lokhu kubangela izinto eziningana:
- uma ikheli lidalulwa ngempumelelo, kusho ukuthi ukuxhashazwa kusebenza kahle
- ikheli eliveziwe lisetshenziselwa ukuthola ukuthi inqwaba / isitaki sitholakala kuphi futhi seqa inqubo ye-Address Space Format Randomization (ASLR)
- ezinye izikhombisi eziwusizo zokuxhashazwa okuqhubekayo zingatholakala ngokubheka eduze kwalesi siqondiso.
Ngemuva kwalokho, uzama ukudala iqembu elikhulu lezinto usebenzisa umsebenzi ophindayo. Lokhu kwenzelwa ukudala ukuhlelwa kwenqwaba kokunquma, okubalulekile ekusetshenzisweni ngempumelelo.
Ngasikhathi sinye, uzama ukusebenzisa inqubo yokufafaza inqwaba ehlose ukusebenzisa kabusha isikhombisi esifanayo esasikhishwe phambilini engxenyeni ye-UaF.
Leli qhinga lingasetshenziselwa ukudida futhi linikeze umhlaseli amandla okusebenza ezintweni ezimbili ezihlukile (kusuka endaweni yokubuka yeJavaScript), noma ngabe zisendaweni efanayo yememori.
I-Google ikhiphe isibuyekezo se-Chrome elungisa iphutha ku-Windows, i-MacOS, ne-Linux, futhi abasebenzisi bayakhuthazwa ukuthi bavuselele ku-Chrome version 78.0.3904.87.