8.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an “X-Content-Type-Options: nosniff” header.
googlechromereleases.blogspot.com/2015/01/stable-update.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
rhn.redhat.com/errata/RHSA-2015-0093.html
secunia.com/advisories/62383
secunia.com/advisories/62665
security.gentoo.org/glsa/glsa-201502-13.xml
www.securityfocus.com/bid/72288
www.securitytracker.com/id/1031623
code.google.com/p/chromium/issues/detail?id=399951