Set prototype for GuestView*.prototype to null.

extensions/renderer/resources/guest_view/guest_view_attributes.js

Index: extensions/renderer/resources/guest_view/guest_view_attributes.js
diff --git a/extensions/renderer/resources/guest_view/guest_view_attributes.js b/extensions/renderer/resources/guest_view/guest_view_attributes.js
index 6c7f711ef6ce837814b16508c4a81581f41fa746..578e00e87cb17f24d0bac750003d30642a14f083 100644
--- a/extensions/renderer/resources/guest_view/guest_view_attributes.js
+++ b/extensions/renderer/resources/guest_view/guest_view_attributes.js
@@ -17,6 +17,12 @@ function Attribute(name, view) {
   this.defineProperty();
 }
 
+// Prevent GuestViewEvents inadvertently inheritng code from the global Object,
+// allowing a pathway for unintended execution of user code.
+// TODO(wjmaclean): Use utils.expose() here instead, track down other issues
+// of Object inheritance. https://crbug.com/701034
+Attribute.prototype.__proto__ = null;
+
 // Retrieves and returns the attribute's value.
 Attribute.prototype.getValue = function() {
   return this.view.element.getAttribute(this.name) || '';