CVE-2014-7939
First published: Thu Jan 22 2015(Updated: )
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome (Trace Event) | <=40.0.2214.85 | |
| Chromium | =40.0.2214.110 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.6.z | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2015/01/stable-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0093.html
- http://secunia.com/advisories/62383
- http://secunia.com/advisories/62665
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securityfocus.com/bid/72288
- http://www.securitytracker.com/id/1031623
- https://code.google.com/p/chromium/issues/detail?id=399951
Frequently Asked Questions
What is the severity of CVE-2014-7939?
CVE-2014-7939 is considered a high severity vulnerability due to its ability to enable bypassing the Same Origin Policy.
How do I fix CVE-2014-7939?
To fix CVE-2014-7939, update Google Chrome or Chromium to version 40.0.2214.91 or later.
What systems are affected by CVE-2014-7939?
CVE-2014-7939 affects Google Chrome versions before 40.0.2214.91 and specific versions of Chromium and Red Hat Enterprise Linux.
What is the impact of CVE-2014-7939?
The impact of CVE-2014-7939 allows remote attackers to execute crafted JavaScript, potentially accessing sensitive information.
Is there a workaround for CVE-2014-7939?
A potential workaround for CVE-2014-7939 is to disable the Harmony proxy feature in the V8 JavaScript engine if possible.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google chrome (trace event)
- version/google chrome (trace event)/40.0.2214.85
- vendor/chromium
- canonical/chromium
- version/chromium/40.0.2214.110
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.6.z
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- version/suse linux/13.2