- Reading keystrokes
- Extracting passwords saved in the browsers
- Reading cookies and HTML5 storage
- Enabling microphone and webcam (may require user interaction)
- Exploiting browser vulnerabilities
- Using the browser as pivot to the internal network of an organization
- Controlling the behavior of browser's tabs and windows ...