Since Chrome and other browser's configuration flags are accessible via a URL, and the configuration is done typically within a web page, I was wondering if it presented a security vulnerability.
I was thinking it might be exploitable by a specifically-formed URL, such as
chrome://flags/javascript:handleEnableExperimentalFeature(Displaylist2Dcanvas, enable)
or by a bookmarklet-style javascript that loads and manipulates the flags page? I've tried to do this but it didn't work; I'm not sure if that's because I did it wrong, or because it just isn't vulnerable to that type of attack.
No you cannot do that. Just imagine if people could edit chrome flags via URL, it would be a disaster. Unless you write a chrome extension or some other client side application to change said chrome flag, you can't do that.