What could the hacker accomplish even if they were able to execute some code? They're still in a browser tab and you can only do limited things. My thinking is that if the code was somewhat executed on 4chan, they could inject a <script> tag on the page that sends the cookie information you have on 4chan (which might include your session id) so others can login with your account. However, Reddit doesn't load images on their site directly so this type of attack would not be possible.