Out of curiosity, let's say I visited a site that was designed to exploit Chrome. What is the worst it could do? Install a keylogger for example?

Or would it basically be browser only?