In https://trac.webkit.org/changeset/57004, CodeGeneratorV8 is changed to cache wrappers for 'readonly' IDL values, using native object pointer as a hash value. That means, if different object pointer value is returned, previous wrapper will stall in the cache, creating a memory leak. For example, that happened with MemoryInfo object which is created anew on every Console::memory() call. 'readonly' doesn't mean 'constant'! I think, this logic needs to be revised, because nothing in .idl specifies that getter value returns the same native pointer.
https://code.google.com/p/chromium/issues/detail?id=230536