CVE-2014-7939

Publication date 22 January 2015

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an “X-Content-Type-Options: nosniff” header.

Read the notes from the security team

Status

Package Ubuntu Release Status
chromium-browser 15.10 wily
Fixed 40.0.2214.94-0ubuntu1.1120
15.04 vivid
Fixed 40.0.2214.94-0ubuntu1.1120
14.10 utopic
Fixed 40.0.2214.94-0ubuntu0.14.10.1.1110
14.04 LTS trusty
Fixed 40.0.2214.94-0ubuntu0.14.04.1.1068
12.04 LTS precise Ignored
10.04 LTS lucid Ignored end of life
oxide-qt 15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release

Notes

chrisccoulson

Harmony features are disabled in Oxide and there is no mechanism to enable them