X Server Security Disaster: "It's Worse Than It Looks"

  • #21
    Originally posted by Luke View Post
    Looking at the other end of the chain would not need an xserver vulnerability to do this, a hole in closed-source Flash would be quite enough-and would be given to the NSA before it was fixed. Flash and Java are also the two biggest targets for Windows exploits! If this is an issue, avoid Flash, use HTML5 instead of Flash and do not install Java. Also a browser vulnerability found by the attacker first would be usable, as would a hole in the codec used by the video for playback. A good reason to use Gstreamer and not Cisco's binary for H264, and not to use closed browsers like Opera. In short, Wayland won't fix this, as there are at least three other places an attack could be mounted.

    In short, the chain of vulnerabilities for a video escape sequence attack works like this: Network card, Flash (if used), browser, Xorg, video driver, kernel system calls. A chain is only as strong as its weakest link. If you run Flash and Java over Chromium on Wayland, you have only slightly reduced your attack cross-section.
    Chrome/-ium has been sandboxing Flash with seccomp-bpf since version 20, and all render processes since version 23, so it would probably be very difficult to use a Flash exploit for anything useful.

    Comment


    • #22
      Not all browsers sandbox Flash

      Originally posted by Staffan View Post
      Chrome/-ium has been sandboxing Flash with seccomp-bpf since version 20, and all render processes since version 23, so it would probably be very difficult to use a Flash exploit for anything useful.
      I cited Chrome/Chromium because it is more popular with Windows users than Firefox and might have a higher attack profile. Personally I prefer Firefox for privacy reasons. I would expect browser attacks to target a particular browser, or target Flash, or target Java.

      Comment
