CVE-2014-7939 (retired)

Priority
Description
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is
enabled, allows remote attackers to bypass the Same Origin Policy via
crafted JavaScript code with Proxy.create and console.log calls, related to
HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Notes
 chrisccoulson> Harmony features are disabled in Oxide and there is no
  mechanism to enable them
Package
Upstream:released (40.0.2214.91)
Ubuntu 16.04 LTS (Xenial Xerus):released (40.0.2214.94-0ubuntu1.1120)
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-08-23 09:04:24 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)