The origin of the page is part of the signed payload. So if another website presented the challenge, the origin part wouldn't match.
That does assume the thing communicating with the security key is not compromised though (the browser/OS).
Not entirely sure about how Google Smart Lock on iOS works in this regard - since it communicates over BLE and could specify any origin, and then the process of going between the app/web on iOS can't be secured particularly well.
Also unclear how origins would work with regard to non-web applications, e.g. URL schemes aren't unique/owned/defendable.
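The origin binding described in the comment above, as an added example that is not part of the original comment: a relying-party check written against WebAuthn's assertion layout, which is an assumption since the comment names no protocol. The origins, RP ID, challenge and authenticator data are constructed, and the final signature verification over `signed_bytes()` with the credential public key is left to a crypto library.

```python
import base64
import hashlib
import json

EXPECTED_ORIGIN = "https://login.example.com"  # constructed relying-party origin
RP_ID = "example.com"                          # constructed RP ID
CHALLENGE = b"constructed-challenge-0001"      # constructed; random per login in practice
# authenticatorData: SHA-256(RP ID) || flags (user present) || signature counter
AUTH_DATA = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Client data as the browser builds it; the browser, not the page, fills in origin."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()

def signed_bytes(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    """The message the key signs: authenticatorData || SHA-256(clientDataJSON)."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    issued_challenge: bytes) -> str:
    """Server-side checks made before verifying the signature over signed_bytes()."""
    cd = json.loads(client_data_json)
    if not isinstance(cd, dict) or cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != b64url(issued_challenge):
        return "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    return "ok"

def demo() -> dict:
    genuine = make_client_data(EXPECTED_ORIGIN, CHALLENGE)
    # Same challenge presented by a look-alike site: the browser records that site's origin.
    relayed = make_client_data("https://login.example.com.phish.test", CHALLENGE)
    return {
        "genuine": check_assertion(genuine, AUTH_DATA, CHALLENGE),
        "relayed": check_assertion(relayed, AUTH_DATA, CHALLENGE),
        # Rewriting origin after signing changes the signed bytes, so the signature fails.
        "same_signed_bytes": signed_bytes(AUTH_DATA, genuine) == signed_bytes(AUTH_DATA, relayed),
    }

if __name__ == "__main__":
    print(demo())
```

As the comment notes, this only holds when the client filling in `origin` is trustworthy; a compromised browser or OS can write any value into the client data before it is hashed.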