Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Chrome
Published: 2015-01-22T22:00:00
Updated: 2024-08-06T13:03:27.670Z
Reserved: 2014-10-06T00:00:00
Link: CVE-2014-7939
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-22T22:59:20.117
Modified: 2024-11-21T02:18:18.487
Link: CVE-2014-7939
Redhat