Evil Page Demo
Step 1. Exploit a Chrome bug and take over renderer process.
Step 2. Reach into user's account in iframe, or request a document as a subresource.
Step 3. Profit!
<iframe src='https://ci.chromium.org/p/chromium/g/main/console'>
XHR to example.com
XHR to www.chromium.org