Google Chrome prior to 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote malicious users to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
| Vulnerable Product |
|---|
| google chrome |
| chromium chromium 40.0.2214.110 |
| redhat enterprise linux desktop supplementary 6.0 |
| redhat enterprise linux server supplementary 6.0 |
| redhat enterprise linux workstation supplementary 6.0 |
| redhat enterprise linux server supplementary eus 6.6.z |
| opensuse opensuse 13.1 |
| opensuse opensuse 13.2 |