This talk will cover the state of browser enforced security models in 2012: Including Same-Origin policy derivatives: How they should work, where they fail and an example of how to bypass them. Additional content will include bypassing Cross-Site scripting filters in Chrome and abusing mime types for fun and profit.