I've decided to take this issue slowly; most people's "solutions" are already assuming a certain definition of the problem, which is rarely stated.
The problem is this: pieces of the "chrome" (browser interface, as opposed to web-content display) can be hidden, and then fake data put in its place that trick the user into thinking that data is part of the browser.
But what things can a user be tricked into doing by mistaking content for browser? There's no danger (security-wise) in hitting a fake back-button, right? So, here's the problems I can think of:
I'm sure there are some potential attacks I'm missing. If you know of them, add them. If I come across them, I'll update this post to include them. As I see it, the attack fall into two categories: browser-input spoofing, and browser anti-phishing circumvention. Does that cover it? Are there other types I'm missing?