Updating Blink to the recent NavigatorID changes, it makes productSub, vendor and vendorSub exposed on Worker where it previously was not. I've tested with this script:

['appCodeName',
 'appName',
 'appVersion',
 'platform',
 'product',
 'productSub',
 'userAgent',
 'vendor',
 'vendorSub'].forEach(function(attr) {
     console.log(attr + ': ' + (attr in navigator ? 'exposed' : 'NOT exposed'));
 });

Blink (Opera) and Gecko (Firefox) both agree that productSub/vendor/vendorSub are not exposed on workers.

Should we limit these to Window in the spec as well, or just go ahead and expose them?

CC @bzbarsky