According to https://developer.mozilla.org/en-US/docs/Web/API/Window/crypto:
"Although the Window.crypto property itself is read-only, all of its methods (and the methods of its child object, SubtleCrypto) are not read-only, and therefore vulnerable to attack by polyfill."
If the Crypto class had a copying constructor that also replaced the SubtleCrypto with a defensive deep copy, it would be possible to prevent this attack by using a defensive copy of the Crypto object that was made before any untrusted polyfills were loaded.
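
Without such a constructor, the closest approximation today is to bind the original methods before any other script runs. The sketch below is an added example, not code from MDN or from the original post; `snapshotCrypto`, `SUBTLE_METHODS` and `demo` are hypothetical names, and the override inside `demo` is a constructed stand-in for a later-loaded polyfill.

```javascript
// Added example. snapshotCrypto, SUBTLE_METHODS and demo are hypothetical names.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const SUBTLE_METHODS = ['digest', 'encrypt', 'decrypt', 'sign', 'verify',
  'generateKey', 'importKey', 'exportKey', 'deriveKey', 'deriveBits',
  'wrapKey', 'unwrapKey'];

// Must run before any untrusted script: it binds each method to its original
// receiver, so later writes to crypto / crypto.subtle do not affect the copy.
function snapshotCrypto(c) {
  const subtle = c.subtle;
  const snap = { subtle: {} };
  for (const name of ['getRandomValues', 'randomUUID']) {
    if (typeof c[name] === 'function') snap[name] = c[name].bind(c);
  }
  for (const name of SUBTLE_METHODS) {
    if (typeof subtle[name] === 'function') snap.subtle[name] = subtle[name].bind(subtle);
  }
  Object.freeze(snap.subtle);
  return Object.freeze(snap);
}

// Constructed stand-in for a later-loaded polyfill that overwrites the
// writable methods; the originals are restored before returning.
function demo(c = webCrypto) {
  const safe = snapshotCrypto(c);
  const fakeRandom = (arr) => arr.fill(0);
  const fakeDigest = async () => new ArrayBuffer(32);
  c.getRandomValues = fakeRandom;
  c.subtle.digest = fakeDigest;
  try {
    const live = c.getRandomValues(new Uint8Array(32));
    const kept = safe.getRandomValues(new Uint8Array(32));
    return {
      liveReplaced: c.getRandomValues === fakeRandom && c.subtle.digest === fakeDigest,
      liveAllZero: live.every((b) => b === 0),
      snapshotAllZero: kept.every((b) => b === 0),
      snapshotDigestReplaced: safe.subtle.digest === fakeDigest,
      snapshotFrozen: Object.isFrozen(safe) && Object.isFrozen(safe.subtle),
    };
  } finally {
    delete c.getRandomValues; // drop the own properties shadowing the prototype
    delete c.subtle.digest;
  }
}
```

The snapshot only covers the Crypto and SubtleCrypto entry points; other built-ins the calling code relies on (for example `Promise.prototype.then`) remain writable and need the same treatment if they are in scope.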