Chrome Universal XSS via the interception of |Binding| with Object.prototype.create (CVE-2016-1674)
VULNERABILITY DETAILS The fix for the issue 590118 is insufficient to protect against the bindings interception. While they can't be accessed by triggering accessors on the |modules| object anymore, it's still possible to trap the set operation for |Binding. create| using the Object. prototype...