Thread:Icefirephoenix/@comment-34929636-20181220004933/@comment-34929636-20181220011659

Basically, due to the chat program being in beta, they had forgotten some basic security measures, so they could directly inject HTML, CSS, and JavaScript code, meaning they could technically attack the guy's computer through the browser.