In order to allow cross-origin XMLHttpRequests in user scripts in Chrome's extension system, bug 59843 added the ability to associated a SecurityOrigin with an isolated world (user scripts evaluate in an isolated world). This is currently only supported in the V8 ScriptController implementation. A related change that is necessary is to modify the JSC XMLHttpRequest constructor wrapper to get this SecurityOrigin and associated it with the C++ instance.