Google security researcher Chris Evans reported
that data can be read across domains by injecting bogus CSS selectors
into a target site and then retrieving the data using JavaScript APIs.
If an attacker can inject opening and closing portions of a CSS
selector into points A and B of a target page, then the region between
the two injection points becomes readable to JavaScript through, for
example, the getComputedStyle()
API.