CVE-2014-7939

Published: Jan 22, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Affected (8)

Products: Google: Chrome · Chromium: Chromium · Redhat: Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary, Enterprise Linux Server Supplementary Eus, Enterprise Linux Workstation Supplementary · +1 more

Show all products

Google: Chrome · Chromium: Chromium · Redhat: Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary, Enterprise Linux Server Supplementary Eus, Enterprise Linux Workstation Supplementary · Opensuse: Opensuse

1 product

1 product

4 products

Enterprise Linux Desktop Supplementary

Enterprise Linux Server Supplementary

Enterprise Linux Server Supplementary Eus

Enterprise Linux Workstation Supplementary

Opensuse

1 product

Opensuse

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Up to 40.0.2214.85

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Chromium Chromium	Version 40.0.2214.110

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop Supplementary	Version 6.0
Redhat Enterprise Linux Server Supplementary	Version 6.0
Redhat Enterprise Linux Server Supplementary Eus	Version 6.6.z
Redhat Enterprise Linux Workstation Supplementary	Version 6.0