2

I know this is a duplicate question, but there aren't any recent updates on the answers given to this question(here and here) and after a few years, I'm sure browser security has improved drastically. I was wondering if it's still possible for a user to get a virus by just visiting a malicious website?

Say if you accidentally click a google search result and quickly close the page would it be possible for an attacker to put any malicious script in your browser? Also another situation is https://ytmp3.cc/youtube-to-mp3/ (a youtube video to mp3 converter), I'm sure this site isn't malicious but it does redirect you to other sketchy websites when you are prompted to download the converted file. These redirected websites are probably malicious.

Anders
  • 65,052
  • 24
  • 180
  • 218
UnrealApex
  • 123
  • 4
  • Please do not reask questions that have been asked. The older questions should be updated instead of duplicate questions asked. – schroeder May 23 '21 at 07:24
  • I’m voting to close this question because it is an admitted duplicate – schroeder May 23 '21 at 07:24
  • Browser security may have improved but it is not perfect. Zero days are still possible (or if you don't keep your browser up to date, known vulnerabilities are also an issue). – nobody May 23 '21 at 12:00
  • @schroeder Thanks for the advice :) – UnrealApex May 23 '21 at 17:08

1 Answers1

3

Absolutely, even legitimate web sites can be a source of infection due to the ads they display (for instance exploit kits or drive-by).

Also, as soon as you navigate from a vulnerable browser (especially affected with a zero-day exploit) or even worst with vulnerable plugins, some types of virus can load themselves without any kind of intervention (clicking accept to download or opening a file for example).

However, there are encouraging improvements to counter this problematic, Edge now uses an interesting security feature which consists of a partial sandbox used when browsing, so that any damage at the browser level is automatically remediated without compromising other software components.

raDiaSmO
  • 309
  • 1
  • 5
  • 2
    Please define "load themselves"; I'm inclined to call BS w/o a demonstration since browsers have been protecting against such vectors for the better part of a decade now. No browser opens an executable w/o intervention, even if the binary download is started programmatically. – dandavis May 24 '21 at 05:51