SecurityOrigin is intentionally shared between documents.
Some of such cases are covered by tests (by checking whether changes to document.domain affect another document's document.domain, or doing same-origin check for a unique origin that is aliased among multiple documents), but not all cases are covered.
This issue tracks to add test coverage for such aliased security origins.
See the comments in
https://chromium-review.googlesource.com/c/chromium/src/+/752563
(inline comments in PatchSet 8) for the current situation and coverage.
Aliased security origins can be found by codesearching for
SecurityOrigin/ExecutionContext::GetMutableSecurityOrigin() calls
(likely with SetSecurityOrigin()/UpdateSecurityOrigin()/etc.).
Comment 1 by mkwst@chromium.org
, Nov 30 2017Status: Available (was: Untriaged)