{"api_version":"1","generated_at":"2026-04-23T07:55:51+00:00","cve":"CVE-2014-7939","urls":{"html":"https://cve.report/CVE-2014-7939","api":"https://cve.report/api/cve/CVE-2014-7939.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-7939","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-7939"},"summary":{"title":"CVE-2014-7939","description":"Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header.","state":"PUBLIC","assigner":"security@google.com","published_at":"2015-01-22 22:59:00","updated_at":"2023-11-07 02:22:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/72288","name":"72288","refsource":"","tags":[],"title":"Google Chrome 40.0.2214.91 Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://googlechromereleases.blogspot.com/2015/01/stable-update.html","name":"http://googlechromereleases.blogspot.com/2015/01/stable-update.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Chrome Releases: Stable Channel Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62665","name":"62665","refsource":"","tags":[],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62383","name":"62383","refsource":"","tags":[],"title":"Security Advisory SA62383 - Google Chrome Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201502-13.xml","name":"GLSA-201502-13","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n  Chromium: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0093.html","name":"RHSA-2015:0093","refsource":"","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://code.google.com/p/chromium/issues/detail?id=399951","name":"https://code.google.com/p/chromium/issues/detail?id=399951","refsource":"","tags":[],"title":"Issue 399951 - \n chromium -\n \n Security: Cross-origin information leak via ECMAScript harmony proxies - \n An open-source project to help move the web forward. - Google Project Hosting","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html","name":"openSUSE-SU-2015:0441","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:0441-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031623","name":"1031623","refsource":"SECTRACK","tags":[],"title":"Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-7939","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7939","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"chromium","cpe5":"chromium","cpe6":"40.0.2214.110","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"chromium","cpe5":"chromium","cpe6":"40.0.2214.110","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"40.0.2214.85","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"13.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_desktop_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_supplementary_eus","cpe6":"6.6.z","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_supplementary_eus","cpe6":"6.6.z","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7939","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation_supplementary","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@google.com","ID":"CVE-2014-7939","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"62665","refsource":"SECUNIA","url":"http://secunia.com/advisories/62665"},{"name":"http://googlechromereleases.blogspot.com/2015/01/stable-update.html","refsource":"CONFIRM","url":"http://googlechromereleases.blogspot.com/2015/01/stable-update.html"},{"name":"72288","refsource":"BID","url":"http://www.securityfocus.com/bid/72288"},{"name":"GLSA-201502-13","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-201502-13.xml"},{"name":"1031623","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031623"},{"name":"openSUSE-SU-2015:0441","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"},{"name":"RHSA-2015:0093","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0093.html"},{"name":"62383","refsource":"SECUNIA","url":"http://secunia.com/advisories/62383"},{"name":"https://code.google.com/p/chromium/issues/detail?id=399951","refsource":"CONFIRM","url":"https://code.google.com/p/chromium/issues/detail?id=399951"}]}},"nvd":{"publishedDate":"2015-01-22 22:59:00","lastModifiedDate":"2023-11-07 02:22:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"40.0.2214.85","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:chromium:chromium:40.0.2214.110:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"7939","Ordinal":"74959","Title":"CVE-2014-7939","CVE":"CVE-2014-7939","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"7939","Ordinal":"1","NoteData":"Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an \"X-Content-Type-Options: nosniff\" header.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"7939","Ordinal":"2","NoteData":"2015-01-22","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"7939","Ordinal":"3","NoteData":"2016-12-30","Type":"Other","Title":"Modified"}]}}}