CVE-2014-7939
Last modified
CVE-2014-7939 is a vulnerability of currently unknown severity. Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.. EPSS estimates a 2.56% chance of exploitation in the next 30 days.
Description
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 40.0.2214.85 | |
| Chromium | Chromium | 40.0.2214.110 |
| Redhat | Enterprise Linux Desktop Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary Eus | 6.6.z |
| Redhat | Enterprise Linux Workstation Supplementary | 6.0 |
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-7939?
How severe is CVE-2014-7939?
How do I fix CVE-2014-7939?
Are you affected by CVE-2014-7939?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST