Imagine you're a shady streaming site running tons of shady ads. Now imagine one of your shady advertisers loads a shady iframe using this exploit. The targeted user keeps that tab open for a few hours- they're watching a show, after all. As the streaming site loading the add, you're none the wiser.