JavaScript Restrictor
Browser extension that improves privacy and security
Bug List
Member getContentConfiguration (url, frameId, tabId)
Iframes nested within an iframe that has a user-specific level do not get this level.
File http_shield_chrome.js
If multiple requests are performed in parallel before the first one reaches onResponseStarted, all requests go through.
Member spoofCall (fakeData, originalPositionObject, successCallback)
The tile-based approach does not work correctly near the poles, but:
  • The function returns fake locations near the poles.
  • As there are not many people near the poles, we do not believe this wrapping is useful there, so we do not consider this bug important.
File wrappingS-AJAX.js
There are two flaws in the current implementation:
  • There are many ways (see e.g. https://github.com/cure53/HTTPLeaks) to replace XHR and consequently evade the wrapper. This can be mitigated by monitoring the requests using the Web Request API.
  • The confirm method puts a lot of responsibility on the user, who needs to have a good knowledge of the requests on each visited page.
File wrappingS-BATTERY-CR.js
Because we mimic Firefox behaviour, a Chromium-derived browser becomes more easily fingerprintable. This can be fixed by properly wrapping BatteryManager.prototype getters and setters.
File wrappingS-ECMA-ARRAY.js
The subarray() method always returns the full array.
File wrappingS-GP.js
The standard provides the events gamepadconnected and gamepaddisconnected, which fire at least on the window object. We do not prevent these events from firing; consequently, an adversary can learn that a gamepad was (dis)connected even though there was no change in the result of the navigator.getGamepads() API.
File wrappingS-VR.js
The standard provides the events vrdisplayconnect, vrdisplaydisconnect, vrdisplayactivate and vrdisplaydeactivate, which fire at least on the window object. We do not prevent these events from firing; consequently, an adversary can learn that a VR display was (dis)connected even though there was no change in the result of the navigator.activeVRDisplays() API.