No: the phishing attack leads the browser to parse and run malicious javascript and HTML.
If the phishing page is then able to compromise the browser the security is breached.
For example it could trick the browser into presenting the legitimate URL to the U2F token, or wait for the user to log on the home banking site for real and then perform transaction, or many other attacks.
If the phishing page is then able to compromise the browser the security is breached.
For example it could trick the browser into presenting the legitimate URL to the U2F token, or wait for the user to log on the home banking site for real and then perform transaction, or many other attacks.