It can make requests but only with no CORS, which could be useful for accessing some weakly secured HTTP resources behind a corporate VPN or something (in the same way any other site can but over a much longer period). It could also potentially be used for tracking user IP address activity, crypto mining, building a botnet, etc.
> OH NO I JUST REALIZED THIS IS NOT ACTUALLY PROPERLY FIXED AND STILL WORKS
> even worse, edge no longer even makes the download menu pop up, so it's completely silent js rce that keeps running even after you close the browser !!
> all from just visiting a single website once !!
> issue set to private again, hopefully it'll get fixed properly this time :p