The more universally executable code you have to run in a low-trust environment, which is a WWW document, the more interesting vulnerabilities can creep in.
It's too late though: https://portswigger.net/research/ublock-i-exfiltrate-exploit...