I know a bit about token bound channels. But the u2f device only talks to Chrome via usb. So anything that the legitimate chrome could say to the u2f device (negotiating tokens, channels, etc) can now be done by the attacker via webusb. So I would think the attacker can get the u2f device's signature on the attacker's channel.
It should be just as if you unplugged your u2f device from your machine and plugged it into the attacker's machine.