@bontchev @stux as now I kind of think, that hardest part would be to get that malicious page connected to target chat and probably doable with some nice socially engineered pre-prompts. Then all needed to do is to give some suitable initial command not shown to user to turn it to look and feel as other unique bot. After all, I could just use dom manipulation to hide things. And vóla, access to chat history (juicy or not) granted. And if no chat to exploit? Sorry, we are under heavy load...