First published: Thu Jan 22 2015(Updated: )
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <=40.0.2214.85 | |
Chromium Chromium | =40.0.2214.110 | |
Redhat Enterprise Linux Desktop Supplementary | =6.0 | |
Redhat Enterprise Linux Server Supplementary | =6.0 | |
Redhat Enterprise Linux Server Supplementary Eus | =6.6.z | |
Redhat Enterprise Linux Workstation Supplementary | =6.0 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.