I don’t always agree with Steve Gibson. On this particular attack the one thing that makes this a non-issue is that you have to have active malicious code running in the browser. Once your machine is compromised in any way you aren’t secure, it is really that simple. You can listen to Steve talk about this and get a text transcription on the Security Now episode page.
