Make sure binding security checks don't pass if the frame is remote.

Blink assumes that remote frames will always fail the security origin
check. Unfortunately, reality is not that simple. There are several
instances where this assumption fails to hold. For example:

  1. Navigate to
  2. opens a new window.
  3. Navigate the new window to via the omnibox.
  4. Click a link to in both windows.

Because browser-initiated navigations go cross-process but
renderer-initiated navigations do not [1], the two windows will
end up in different renderer processes.

Both windows have the same origin but see each other as RemoteFrames.
This means that SecurityOrigin's canAccess check will pass… but this
ends up violating many assumptions in Blink that passing the security
check implies a local frame.



Review URL:

Cr-Commit-Position: refs/heads/master@{#387087}
3 files changed