Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7939

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-7939
Last Modified 11 Mar 2015 10:00:51
Published 22 Jan 2015 05:59:20
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-7939

Summary

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.85


References

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=399951

CONFIRM - http://googlechromereleases.blogspot.com/2015/01/stable-update.html

GENTOO - GLSA-201502-13

REDHAT - RHSA-2015:0093

BID - 72288

SUSE - openSUSE-SU-2015:0441


Last Updated: 27 May 2016 10:55:47