CVE-5: End-to-End Data Exfiltration Chain

Complete attack chain demo: A single external page performs GPS theft, triggers payment dialog, and spoofs UI — all through JSBridge from an attacker-controlled URL loaded via DeepLink. tradePay uses INVALID order (no real payment).