sirdarckcat
commented
3 years ago https://bugs.chromium.org/p/chromium/issues/detail?id=1158234 fixes that.
For YouTube and Drive, it seems to be possibly related to Chrome Apps for those origins. We might need to ask the user to delete the apps (ugh!)
trying to intercept https://tamper.dev interestingly fails with permission errors when the youtube iframe is there.
this is probably because of permissions, as activeTab does not seem to grant access to all frames.
weirdly http://evilwebsite.com/xss.php?frame_xss=//evilwebsite.com./xss.php does not exhibit this behavior.