Blog | G5 Cyber Security

Adblock Plus filter can be exploited to execute arbitrary code in web pages

An expert discovered an exploit in which filters crafted for the Adblock Plus, AdBlock, and uBlocker browser extensions could inject remote scripts into web sites. Under certain conditions it is possible to create a rule that injects a remote script into a target site. The exploit relies on a filter option and is possible when sites use XMLHttpRequest or Fetch to download code snippets for execution, while allowing requests to arbitrary origins and hosting a server-side open redirect. Google has been notified about the exploit, but the report was closed as "Intended Behavior".

Source: https://securityaffairs.co/wordpress/83965/hacking/adblock-plus-filter-hack.html
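
Added example, not part of the original post or of any project named in it: a site-side sketch in JavaScript of two checks that remove the conditions listed above, one closing the server-side open redirect and one refusing to execute fetched code whose final URL left a trusted origin. The origins, the allow-list and both function names are assumptions made for illustration.

```javascript
// Added example. SITE_ORIGIN, TRUSTED_CODE_ORIGINS and both function names are
// hypothetical; replace them with your own site's values.
const SITE_ORIGIN = "https://app.example"; // constructed
const TRUSTED_CODE_ORIGINS = new Set([SITE_ORIGIN, "https://static.app.example"]);

// Server side: close the open redirect. Only targets that resolve to the
// site's own origin are honoured; everything else falls back to "/".
function safeRedirectTarget(rawTarget) {
  if (typeof rawTarget !== "string" || rawTarget === "") return "/";
  // Reject backslashes and control characters, which URL parsers normalise.
  if (/[\\\u0000-\u001f]/.test(rawTarget)) return "/";
  let url;
  try {
    url = new URL(rawTarget, SITE_ORIGIN);
  } catch {
    return "/";
  }
  if (url.origin !== SITE_ORIGIN) return "/";
  return url.pathname + url.search + url.hash;
}

// Client side: decide whether code downloaded with fetch() may be executed.
// `response` needs the Fetch Response fields `ok` and `url`; `url` is the
// final URL after redirects, so a request that was bounced to another origin
// through a redirect endpoint is caught here.
function mayExecuteFetchedCode(requestUrl, response) {
  let requested, final;
  try {
    requested = new URL(requestUrl, SITE_ORIGIN);
    final = new URL(response.url);
  } catch {
    return false;
  }
  if (!response.ok || final.protocol !== "https:") return false;
  return TRUSTED_CODE_ORIGINS.has(requested.origin) &&
         TRUSTED_CODE_ORIGINS.has(final.origin);
}

// Constructed responses: one served directly, one that followed a redirect.
const direct = { ok: true, url: "https://static.app.example/snippet.js" };
const bounced = { ok: true, url: "https://cdn.other.example/snippet.js" };
console.log(mayExecuteFetchedCode("/snippet.js", direct));
console.log(mayExecuteFetchedCode("/snippet.js", bounced));
console.log(safeRedirectTarget("//cdn.other.example/x"));
```

Restricting request origins with a Content-Security-Policy connect-src directive addresses the remaining condition, requests to arbitrary origins, at the browser level.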
