Here are the basic steps of what happens:

1. Malware runs on user’s machine

• but others have similar features

1. Malware connects to the debugging port

• or remote control the browser

1. Attacker uses the cookies and gains access to resources

Note: This specific technique via the remote debugging port was originally described as “Cookie Crimes” by @mangopdf for Chrome.