CVE-2014-7939
Summary
| CVE | CVE-2014-7939 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-01-22 22:59:00 UTC |
| Updated | 2023-11-07 02:22:00 UTC |
| Description | Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Chromium | Chromium | 40.0.2214.110 | All | All | All |
| Application | Google | Chrome | All | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop Supplementary | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Supplementary | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Supplementary Eus | 6.6.z | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation Supplementary | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Google Chrome 40.0.2214.91 Multiple Security Vulnerabilities | | www.securityfocus.com | |
| Chrome Releases: Stable Channel Update | CONFIRM | googlechromereleases.blogspot.com | Vendor Advisory |
| About Secunia Research \| Flexera | | secunia.com | |
| Security Advisory SA62383 - Google Chrome Multiple Vulnerabilities - Secunia | | secunia.com | |
| Gentoo Linux Documentation -- Chromium: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| Red Hat Customer Portal | | rhn.redhat.com | |
| Issue 399951 - chromium - Security: Cross-origin information leak via ECMAScript harmony proxies - An open-source project to help move the web forward. - Google Project Hosting | | code.google.com | |
| [security-announce] openSUSE-SU-2015:0441-1: important: Security update | SUSE | lists.opensuse.org | |
| Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.