Chrome Universal XSS by polluting private scripts with named properties (CVE-2017-5008)

VULNERABILITY DETAILS When a private script method is invoked, a ScriptForbiddenScope::AllowUserAgentScript scope is set up to allow running the internal script. It is possible to exploit this scope to execute user code here: static v8::Local compileAndRunPrivateScriptScriptState scriptState,...