[benten10]

Interesting... Can this 'hack' be used to convince people that, say, they're in a different/secure website when they're in a malicious website? I ask because since the 'fake' cursor is visible even on the address bar, the page must be able to overwrite the pixels there?

[joshstrange]

As this demo is now (and probably even with a lot of work) no due to the vast number of browser chrome (UI, not google chrome) configs. It's also very jittery in the demo. That said there is plenty of room for abuse in clicking things like like/tweet/etc buttons it would appear.