CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Published: Jan 22, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-7939
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
google / chrome	-	40.0.2214.85.x
chromium / chromium	40.0.2214.110	40.0.2214.110.x
redhat / enterprise_linux_desktop_supplementary	6.0	6.0.x
redhat / enterprise_linux_server_supplementary	6.0	6.0.x
redhat / enterprise_linux_workstation_supplementary	6.0	6.0.x
redhat / enterprise_linux_server_supplementary_eus	6.6.z	6.6.z.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

http://googlechromereleases.blogspot.com/2015/01/stable-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-0093.html
http://secunia.com/advisories/62383
http://secunia.com/advisories/62665
http://security.gentoo.org/glsa/glsa-201502-13.xml
http://www.securityfocus.com/bid/72288
http://www.securitytracker.com/id/1031623
https://code.google.com/p/chromium/issues/detail?id=399951

Vulnerability Database

289,697

CVE-2014-7939