CVE-2014-7939

Priority
Description
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is
enabled, allows remote attackers to bypass the Same Origin Policy via
crafted JavaScript code with Proxy.create and console.log calls, related to
HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Notes
 chrisccoulson> Harmony features are disabled in Oxide and there is no
  mechanism to enable them
Package
Upstream:released (40.0.2214.91)
Ubuntu 14.04 LTS (Trusty Tahr):released (40.0.2214.94-0ubuntu0.14.04.1.1068)
Ubuntu 16.04 LTS (Xenial Xerus):released (40.0.2214.94-0ubuntu1.1120)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-01-14 22:14:31 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)