Attackers, utilizing malicious JavaScript, could exfiltrate WebSocket data from victim-established communication channels within web apps.