Описание
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 40.0.2214.94-0ubuntu1.1120 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [40.0.2214.94-0ubuntu0.14.04.1.1068]] |
| lucid | ignored | end of life |
| precise | ignored | |
| trusty | released | 40.0.2214.94-0ubuntu0.14.04.1.1068 |
| trusty/esm | DNE | trusty was released [40.0.2214.94-0ubuntu0.14.04.1.1068] |
| upstream | released | 40.0.2214.91 |
| utopic | released | 40.0.2214.94-0ubuntu0.14.10.1.1110 |
| vivid | released | 40.0.2214.94-0ubuntu1.1120 |
| wily | released | 40.0.2214.94-0ubuntu1.1120 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| lucid | DNE | |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| utopic | not-affected | |
| vivid | not-affected | |
| wily | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.
EPSS
4.3 Medium
CVSS2