Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2015-01-22T22:00:00

Updated: 2024-08-06T13:03:27.670Z

Reserved: 2014-10-06T00:00:00

Link: CVE-2014-7939

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-01-22T22:59:20.117

Modified: 2024-11-21T02:18:18.487

Link: CVE-2014-7939

cve-icon Redhat

Severity : Important

Publid Date: 2015-01-21T00:00:00Z

Links: CVE-2014-7939 - Bugzilla