And here begins the chain of my concerns. Remember, I'm not a specialist on this topic, thus... everything written here might be a complete nonsense. But I can imagine a scenario:
prepare a specially crafted "media" file - generally an encrypted file with a shellcode/payload
encapsulate its reference in an <audio> tag
Does it sound impossible to you? Use the comments section below to share your opinions. I'm quite afraid of such a huge door open for new ways of exploitation/infection.