http://www.securityweek.com/html5-features-efficient-web-exploit-obfuscation-researchers Sigh. We're slowly getting rid of the flashplayer - and now this
Yes that was expected. As the web is moving to HTML5 so will those that try to use it for whatever they want.
The article says: What? Isn't HTML5 running in the renderer process which is sandboxed in Chrome? I think that assertion doesn't make sense.