What is CVE-2014-7939?

CVE-2014-7939 is a vulnerability in Chromium, classified under CWE-264. Published 2015-01-22.

Is CVE-2014-7939 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Chromium

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that…

EPSS: 0.007 (72.2th percentile) — read the EPSS interpretation.

Affected products

Chromium — versions 40.0.2214.110
Google Chrome
Opensuse — versions 13.1, 13.2
Redhat Enterprise_linux_desktop_supplementary — versions 6.0
Redhat Enterprise_linux_server_supplementary — versions 6.0
Redhat Enterprise_linux_server_supplementary_eus — versions 6.6.z
Redhat Enterprise_linux_workstation_supplementary — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

jesusprubio/strong-node

References

62665 (x_refsource_SECUNIA, third-party-advisory)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
72288 (vdb-entry, x_refsource_BID)
GLSA-201502-13 (vendor-advisory, x_refsource_GENTOO)
1031623 (vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2015:0441 (vendor-advisory, x_refsource_SUSE)
RHSA-2015:0093 (x_refsource_REDHAT, vendor-advisory)
62383 (x_refsource_SECUNIA, third-party-advisory)
chrome-cve-admin@google.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-7939?: CVE-2014-7939 is a vulnerability in Chromium, classified under CWE-264. Published 2015-01-22.
Is CVE-2014-7939 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.