diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md
index c62fc9f3875e..628edd84ed85 100644
--- a/docs/tutorial/security.md
+++ b/docs/tutorial/security.md
@@ -80,22 +80,3 @@ This is not bulletproof, but at the least, you should attempt the following:
 Again, this list merely minimizes the risk, it does not remove it. If your goal is to display a website, a browser will be a more secure option.
-
-## Buffer Global
-
-Node's [Buffer](https://nodejs.org/api/buffer.html) class is currently available
-as a global even when the `nodeintegration` attribute is not added. You can
-delete this in your app by doing the following in your `preload` script:
-
-```js
-delete global.Buffer
-```
-
-Deleting it may break Node modules used in your preload script and app since
-many libraries expect it to be a global instead of requiring it directly via:
-
-```js
-const {Buffer} = require('buffer')
-```
-
-The `Buffer` global may be removed in future major versions of Electron.
diff --git a/lib/renderer/init.js b/lib/renderer/init.js
index 02c71b5fa028..d9a05592e999 100644
--- a/lib/renderer/init.js
+++ b/lib/renderer/init.js
@@ -127,6 +127,7 @@ if (nodeIntegration === 'true') {
 // Delete Node's symbols after the Environment has been loaded.
 process.once('loaded', function () {
 delete global.process
+ delete global.Buffer
 delete global.setImmediate
 delete global.clearImmediate
 delete global.global
diff --git a/spec/api-browser-window-spec.js b/spec/api-browser-window-spec.js
index 81d512212c39..354befdb3f4b 100644
--- a/spec/api-browser-window-spec.js
+++ b/spec/api-browser-window-spec.js
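Review bot: The comment above the `loaded` handler in lib/renderer/init.js still reads as if every Node symbol is gone once the handler has run, but the specs in this commit expect `typeof Buffer` to be `function` inside a preload script with nodeintegration off, so `delete global.Buffer` removes only the page-visible global. I would say so next to the deletes, for example `// Removes only the page-visible globals; preload scripts and the modules they require apparently keep process and Buffer through module scope.`, because anything a preload script assigns onto `window` becomes reachable by the loaded content again. The same caveat is worth one sentence in docs/tutorial/security.md, where this commit drops the Buffer section without a replacement. The handler's closing `})` and the start of the enclosing branch are outside the hunk.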
@@ -801,8 +801,9 @@ describe('BrowserWindow module', function () {
 describe('"node-integration" option', function () {
 it('disables node integration when specified to false', function (done) {
 var preload = path.join(fixtures, 'module', 'send-later.js')
- ipcMain.once('answer', function (event, test) {
- assert.equal(test, 'undefined')
+ ipcMain.once('answer', function (event, typeofProcess, typeofBuffer) {
+ assert.equal(typeofProcess, 'undefined')
+ assert.equal(typeofBuffer, 'undefined')
 done()
 })
 w.destroy()
diff --git a/spec/fixtures/module/declare-buffer.js b/spec/fixtures/module/declare-buffer.js
new file mode 100644
index 000000000000..9a054a24b5c0
--- /dev/null
+++ b/spec/fixtures/module/declare-buffer.js
@@ -0,0 +1,2 @@
+const Buffer = 'declared Buffer'
+module.exports = Buffer
diff --git a/spec/fixtures/module/preload-node-off.js b/spec/fixtures/module/preload-node-off.js
index 54fe343a9ca0..452ee41b68b3 100644
--- a/spec/fixtures/module/preload-node-off.js
+++ b/spec/fixtures/module/preload-node-off.js
@@ -1,6 +1,6 @@
 setImmediate(function () {
 try {
- console.log([typeof process, typeof setImmediate, typeof global].join(' '))
+ console.log([typeof process, typeof setImmediate, typeof global, typeof Buffer].join(' '))
 } catch (e) {
 console.log(e.message)
 }
diff --git a/spec/fixtures/module/preload.js b/spec/fixtures/module/preload.js
index 39c8b11fbe38..e9dad8ac99bb 100644
--- a/spec/fixtures/module/preload.js
+++ b/spec/fixtures/module/preload.js
@@ -1 +1 @@
-console.log([typeof require, typeof module, typeof process].join(' '))
+console.log([typeof require, typeof module, typeof process, typeof Buffer].join(' '))
diff --git a/spec/fixtures/module/send-later.js b/spec/fixtures/module/send-later.js
index 8eb16f72f8cc..2d3156faaa7d 100644
--- a/spec/fixtures/module/send-later.js
+++ b/spec/fixtures/module/send-later.js
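Review bot: The new fixture spec/fixtures/module/declare-buffer.js carries no comment saying what regression it guards, and `const Buffer = 'declared Buffer'` looks arbitrary without one. Presumably it checks that, however `Buffer` is now handed to modules, it is not a binding in the module's own function scope, where a `const` of the same name would be a redeclaration error at load time. A first line such as `// A module must be able to declare its own Buffer even though one is provided to it.` would record that.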
@@ -1,4 +1,4 @@
 var ipcRenderer = require('electron').ipcRenderer
 window.onload = function () {
- ipcRenderer.send('answer', typeof window.process)
+ ipcRenderer.send('answer', typeof window.process, typeof window.Buffer)
 }
diff --git a/spec/modules-spec.js b/spec/modules-spec.js
index b8c02a2e3ee7..5f8271752711 100644
--- a/spec/modules-spec.js
+++ b/spec/modules-spec.js
@@ -69,6 +69,12 @@ describe('third-party module', function () {
 assert.strictEqual(require('./fixtures/module/declare-global'), 'declared global')
 })
 })
+
+ describe('Buffer', function () {
+ it('can be declared in a module', function () {
+ assert.strictEqual(require('./fixtures/module/declare-buffer'), 'declared Buffer')
+ })
+ })
 })
 })
diff --git a/spec/webview-spec.js b/spec/webview-spec.js
index 02207a4b26a4..21a5401840f9 100644
--- a/spec/webview-spec.js
+++ b/spec/webview-spec.js
@@ -171,7 +171,7 @@ describe(' tag', function () {
 describe('preload attribute', function () {
 it('loads the script before other scripts in window', function (done) {
 var listener = function (e) {
- assert.equal(e.message, 'function object object')
+ assert.equal(e.message, 'function object object function')
 webview.removeEventListener('console-message', listener)
 done()
 }
@@ -181,9 +181,9 @@ describe(' tag', function () {
 document.body.appendChild(webview)
 })
- it('preload script can still use "process" in required modules when nodeintegration is off', function (done) {
+ it('preload script can still use "process" and "Buffer" in required modules when nodeintegration is off', function (done) {
 webview.addEventListener('console-message', function (e) {
- assert.equal(e.message, 'object undefined object')
+ assert.equal(e.message, 'object undefined object function')
 done()
 })
 webview.setAttribute('preload', fixtures + '/module/preload-node-off.js')
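Review bot: The nodeintegration-off webview test (hunk at -181 in spec/webview-spec.js) now pins that the preload script still sees `Buffer` as `function`, but nothing in the visible hunks asserts that the guest page's global is gone in a `<webview>`; the only `'undefined'` check for Buffer is the BrowserWindow one in spec/api-browser-window-spec.js. Since `typeof setImmediate` already reports `undefined` in that fixture's output, the callback evidently runs after the globals are deleted, so spec/fixtures/module/preload-node-off.js could log one more entry, `typeof window.Buffer`, and the expectation would become `'object undefined object function undefined'`. That would keep the deletion in lib/renderer/init.js from regressing unnoticed for webviews. A test outside these hunks may already cover it, and the `it` block closes outside the hunk.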
@@ -212,7 +212,7 @@ describe(' tag', function () {
 it('works without script tag in page', function (done) {
 var listener = function (e) {
- assert.equal(e.message, 'function object object')
+ assert.equal(e.message, 'function object object function')
 webview.removeEventListener('console-message', listener)
 done()
 }
@@ -224,7 +224,7 @@ describe(' tag', function () {
 it('resolves relative URLs', function (done) {
 var listener = function (e) {
- assert.equal(e.message, 'function object object')
+ assert.equal(e.message, 'function object object function')
 webview.removeEventListener('console-message', listener)
 done()
 }
@@ -318,7 +318,7 @@ describe(' tag', function () {
 it('does not break preload script', function (done) {
 var listener = function (e) {
- assert.equal(e.message, 'function object object')
+ assert.equal(e.message, 'function object object function')
 webview.removeEventListener('console-message', listener)
 done()
 }
diff --git a/vendor/node b/vendor/node
index b64908216a6d..9eeeb53aa697 160000
--- a/vendor/node
+++ b/vendor/node
@@ -1 +1 @@
-Subproject commit b64908216a6d5f84862b2b947985a513a6521cb3
+Subproject commit 9eeeb53aa697a54561ffc6c94f06b3ac5963f398