Vulnerability Description
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 40.0.2214.85 | |
| Chromium | Chromium | 40.0.2214.110 |
| Redhat | Enterprise Linux Desktop Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary | 6.0 |
| Redhat | Enterprise Linux Server Supplementary Eus | 6.6.z |
| Redhat | Enterprise Linux Workstation Supplementary | 6.0 |
| Opensuse | Opensuse | 13.1 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0093.html
- http://secunia.com/advisories/62383
- http://secunia.com/advisories/62665
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securityfocus.com/bid/72288
- http://www.securitytracker.com/id/1031623
- https://code.google.com/p/chromium/issues/detail?id=399951
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0093.html
- http://secunia.com/advisories/62383
- http://secunia.com/advisories/62665
- http://security.gentoo.org/glsa/glsa-201502-13.xml
FAQ
What is CVE-2014-7939?
CVE-2014-7939 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.lo...
How severe is CVE-2014-7939?
CVE-2014-7939 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7939?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Chromium Chromium, Redhat Enterprise Linux Desktop Supplementary, Redhat Enterprise Linux Server Supplementary, Redhat Enterprise Linux Server Supplementary Eus.