[Extensions] Don't allow gin::Define to be overridden

chrome/test/data/extensions/api_test/bindings/override_gin_define.html

+<!doctype html>
+<html>
+<body>
+<span id="status"></span>
+</body>
+<script>
+var error = '';
+var addError = function(newError) {
+  error += newError;
+  document.getElementById('status').textContent = error;
+};
+
+var succeed = function() {
+  if (error != '')
+    return;  // Don't overwrite an existing error.
+  document.getElementById('status').textContent = 'success';
+}
+
+// Repro from crbug.com/549986.
+Object.prototype.__defineSetter__('define', function(v) {
+  if (typeof v == 'function') {
+    addError('Leaked gin define');
+    leakedDefine = v;
+  }
+  Object.defineProperty(this, 'define', {value: v});
+});
+
+var leakedBinding;
+Object.defineProperty(Object.prototype, 'create', {set: function(v) {
+  if (typeof(v) == 'function') {
+    Object.defineProperty(this, 'create', {value: function(name) {
+      result = v(name);
+      if (name == 'runtime') {
+        try {
+          leakedDefine('foo', ['test'], function(){} );
+        } catch (e) { }
+      } else if (name == 'test') {
+        addError('Leaked test');
+        leakedBinding = result;
+      }
+      return result;
+    }, configurable: true});
+  }
+}});
+
+// Bindings are lazily initialized. Poke it.
+chrome.runtime;
+// If the runtime bindings aren't created, we didn't test anything.
+if (!chrome.runtime)
+  addError('chrome.runtime was not created.\n');
+
+if (leakedBinding) {
+  leakedFunctions = {};
+  leakedBinding.customHooks_[0](
+      {apiFunctions: {setHandleRequest: function(name, fun) {
+    leakedFunctions[name] = fun;
+  } }, compiledApi: {} });
+
+  leakedFunctions.runWithNativesEnabled(function() {
+    addError('Calling activityLogger.LogEvent');
+    leakedFunctions.getModuleSystem(window).requireNative('activityLogger')
+        .LogEvent('', '', 0xDEADBAD);
+  });
+}
+
+// All's well.
+succeed();
+</script>
+</html>