Launchpad.net

CVE 2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Related bugs and status

CVE-2014-7939 (Candidate) is related to these bugs:

Bug #1378627: chromium-browser crashed with SIGSEGV

		In	Importance	Status
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Ubuntu)	Medium	Fix Released
1378627	chromium-browser crashed with SIGSEGV	Chromium Browser	Unknown	Unknown
1378627	chromium-browser crashed with SIGSEGV	Mesa	Medium	Won't Fix
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Debian)	Unknown	Fix Released
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Fedora)	Undecided	Won't Fix

Bug #1398900: No search suggestions in chromium omnibox

Summary				In	Importance	Status
	1398900	No search suggestions in chromium omnibox		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1414753: Chromium browser 39.0.2171.65 does not load policies

Summary				In	Importance	Status
	1414753	Chromium browser 39.0.2171.65 does not load policies		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1415555: error while loading shared libraries: libui_base.so

Summary				In	Importance	Status
	1415555	error while loading shared libraries: libui_base.so		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
GENTOO: GLSA-201502-13
REDHAT: RHSA-2015:0093
SUSE: openSUSE-SU-2015:0441
BID: 72288
SECTRACK: 1031623
SECUNIA: 62383
SECUNIA: 62665