
Sites like Reddit load user-uploaded content from different domains (redditmedia.com), so you should be safe in this case.


I'm not that familiar with Chrome's process isolation but I think that the renderer process that displays your Reddit.com tab would still render that image, even if it came from a different domain.

Chrome doesn't spin up another process to render the image and then transfer the pixels.


Wouldn’t the exploit code be able to bypass all those cross-domain checks? As long as they are running in the same sandbox, right?



