This page is a proof of concept for an xss in chrome-fastread and firefox-fastread. There is zero user interaction required apart from the user enabling FastRead. The vulnerability enables an attacker to have stored XSS on every site that allows attacker-controlled text, for example comments on a blog or sth like that.

aaaaaaaaaaaaaaaaaa<imgsrc=xonerror=alert(1)>