Plugin for XSS Detection

Preface there are a lot of software that can perform XSS detection, such as XSSer. The focus of this article is not the XSS detection, but the behavior detection triggered by the XSS. Er, it is simply to block the Cookie sending line.
Usechrome.* APIsWe can intercept requests and obtain cookies. The specific implementation is as follows:

chrome.webRequest.onBeforeRequest.addListener(function( details ) {    chrome.tabs.query({'active': true}, function (tabs) {        var url = tabs[0].url;         CookieString = "";        chrome.cookies.getAll({url: url}, function(cookies) {            if (cookies.length == 0)              return;            for (var i = 0; i < cookies.length - 1; i++) {              if (cookies[i].httpOnly == false) {                CookieString += cookies[i].name + "=" + cookies[i].value + "; ";              }            }            CookieString += cookies[cookies.length-1].name + "=" + cookies[cookies.length-1].value;             if (details.url.indexOf(escape(CookieString)) > 0 || details.url.indexOf(CookieString) > 0){                chrome.tabs.query({'active': true}, function (tabs) {                    chrome.tabs.remove(tabs[0].id, function(){});                });                alert("cookies stealen");            }        });    });    },    {urls: ["<all_urls>"]},    ["blocking"]);

In fact, the above Code only closes the tab, but because it is an asynchronous call, the cookie was issued long before it was disabled. How to block this webrequest.
Reference 1. https://developer.chrome.com/extensions/getstarted.html
2. https://developer.chrome.com/extensions/cookies.html
3. https://developer.chrome.com/extensions/tabs.html