diff --git a/cli/js/compiler.ts b/cli/js/compiler.ts
index ed156ef0ab3810..25f5cd17c04cd3 100644
--- a/cli/js/compiler.ts
+++ b/cli/js/compiler.ts
@@ -412,6 +412,12 @@ function bootstrapWasmCompilerRuntime(): void {
 globalThis.onmessage = wasmCompilerOnMessage;
 }
+// Removes the `__proto__` for security reasons. This intentionally makes
+// Deno non compliant with ECMA-262 Annex B.2.2.1
+//
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+delete (Object.prototype as any).__proto__;
+
 Object.defineProperties(globalThis, {
 bootstrapWasmCompilerRuntime: {
 value: bootstrapWasmCompilerRuntime,
diff --git a/cli/js/main.ts b/cli/js/main.ts
index fbebfefe4247f2..881d3ad4a0f061 100644
--- a/cli/js/main.ts
+++ b/cli/js/main.ts
@@ -2,6 +2,12 @@
 import { bootstrapMainRuntime } from "./runtime_main.ts";
 import { bootstrapWorkerRuntime } from "./runtime_worker.ts";
+// Removes the `__proto__` for security reasons. This intentionally makes
+// Deno non compliant with ECMA-262 Annex B.2.2.1
+//
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+delete (Object.prototype as any).__proto__;
+
 Object.defineProperties(globalThis, {
 bootstrapMainRuntime: {
 value: bootstrapMainRuntime,
diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs
index ce08c6b61a2fe2..e20b8da05c35dd 100644
--- a/cli/tests/integration_tests.rs
+++ b/cli/tests/integration_tests.rs
@@ -1426,6 +1426,11 @@ itest!(fix_js_imports {
 output: "fix_js_imports.ts.out",
 });
+itest!(proto_exploit {
+ args: "run proto_exploit.js",
+ output: "proto_exploit.js.out",
+});
+
 #[test]
 fn cafile_fetch() {
 use deno::http_cache::url_to_filename;
diff --git a/cli/tests/proto_exploit.js b/cli/tests/proto_exploit.js
new file mode 100644
index 00000000000000..8bd22cfe532c22
--- /dev/null
+++ b/cli/tests/proto_exploit.js
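Review bot: The `delete (Object.prototype as any).__proto__;` line, here and identically in the cli/js/main.ts hunk, can drop the `any` cast and the eslint-disable by using `Reflect.deleteProperty(Object.prototype, "__proto__");`, which is typed against `object` and returns a boolean that bootstrap can check so a failed hardening step is visible at startup instead of leaving the accessor in place. The comment should also state the scope of the mitigation so later readers do not over-rely on it: removing the accessor only stops prototype changes made through property assignment (`obj.__proto__ = x`, or `Object.assign` copying a parsed `"__proto__"` key), while `Object.setPrototypeOf`, `Reflect.setPrototypeOf` and the `{ __proto__: x }` object-literal form are unaffected, e.g. `// Only the accessor is removed; Object.setPrototypeOf/Reflect.setPrototypeOf and the { __proto__: x } literal syntax still work.` The deletion acts on one realm's `Object.prototype`, so presumably it has to appear in every bootstrap entry point; if any runtime is bootstrapped outside these two files it would need the same line — verify. Minor wording: "non compliant" reads better as "non-compliant".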
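Review bot: The new `proto_exploit` itest runs `proto_exploit.js` under `deno run`, which exercises the deletion added in cli/js/main.ts but, as far as I can tell, never enters the compiler worker, so the identical line added to cli/js/compiler.ts has no test coverage. A second case with a `.ts` input of the same body (e.g. `args: "run proto_exploit.ts"`) would pass through the TypeScript compiler and check both realms. `itest!` is defined outside this hunk; I am assuming `args` and `output` are its only required fields, as in the neighbouring `fix_js_imports` case.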
@@ -0,0 +1,5 @@
+const payload = `{ "__proto__": null }`;
+const obj = {};
+console.log("Before: " + obj);
+Object.assign(obj, JSON.parse(payload));
+console.log("After: " + obj);
diff --git a/cli/tests/proto_exploit.js.out b/cli/tests/proto_exploit.js.out
new file mode 100644
index 00000000000000..fde881dc558cb0
--- /dev/null
+++ b/cli/tests/proto_exploit.js.out
@@ -0,0 +1,2 @@
+Before: [object Object]
+After: [object Object]
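Review bot: The `After:` line only proves the prototype of `obj` is not `null` (string-converting a null-prototype object would throw), so the test does not check what actually happened to the `__proto__` key. Printing the observable facts is more direct: `console.log(Object.getPrototypeOf(obj) === Object.prototype);` and `console.log(Object.getOwnPropertyDescriptor(Object.prototype, "__proto__") === undefined);`, with `proto_exploit.js.out` in the next hunk updated to the two `true` lines. With the accessor removed, `Object.assign` should leave `obj` with an own `__proto__` data property rather than a changed prototype, which `Object.prototype.hasOwnProperty.call(obj, "__proto__")` would also confirm.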