CVE-2014-7939
N/A
N/A
Summary
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/62665
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- http://www.securityfocus.com/bid/72288
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securitytracker.com/id/1031623
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0093.html
- http://secunia.com/advisories/62383
- https://code.google.com/p/chromium/issues/detail?id=399951
References
- http://secunia.com/advisories/62665
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- http://www.securityfocus.com/bid/72288
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securitytracker.com/id/1031623
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0093.html
- http://secunia.com/advisories/62383
- https://code.google.com/p/chromium/issues/detail?id=399951
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.