Phishing is the number one scheme afaik. Basically the link looks legit, and the website you go to looks just as legit, but it’s a scam site built to get CC info or meta data out of the unsuspecting user. Usually it’s a letter off the normal site, or adds a period somewhere in the spelling. Something innocuous that you wouldn’t notice right away.

Another would be if the link has something attached to it, like a trojan, but I’m nowhere near knowledgeable enough to speak on that subject.

Curious where you got the idea of a “secure sandbox” from lol. Websites are programmed to load web pages. Those web pages can have harmful scripts on them that the browser activates as part of the loading process, and that can result in your computer getting infected with stuff like adware, spyware or viruses. Sometimes it’s not even actually on the site itself – the site can host a container for an advertisement, where the advertisement is getting fed from somewhere else, and sometimes an infected ad can be displayed. Browsers *are* getting better at trying to block this stuff you still have to be cautious about where you browse.

They are run in a “secure” sandbox. But this is software, and software always has bugs.
If you find the right bug and feed it the right data you might be able to affect things outside the sandbox. This doesn’t just happen with websites but can also happen basically any time any kind of data gets processed. (I have seen a talk where someone exploited a fax machine by sending it specially crafted faxes)

However, these kinds of exploits are pretty rare.

Depends on where you access the link. In my techsupport experience people are very dumb, some people fall for any and every scam and the best way to safeguard against employees at a company from downloading malware is to just tell them to never click on links they get in emails.
Yes when you load a website it is mostly confined in one part of your pc storage but in that space it can still do a lot. It can read temporary files or cookies which can give some insight into the user and assist with making any scams or malware look more legit. It can also try to monopolise a computer’s resources like RAM so that the device slows down. This too can be used to try to convince people they have a “virus” and need to download the scam groups malware to “fix the pc”

I got a virus on my computer that got in via cookies through a particular website. Was trying to download a game (not entirely legally) and I got redirected to a Russian website. Didn’t think much of it at the time but noticed it started affecting my computer in many ways. Changing regions, slowing it down to like 5% performance and changing language of my browser to Russian as some of the more noticeable features.

Unfortunately this virus had infected just about everything from changing the settings in chrome to default to the website (to reload those cookies and re-infect the system), creating scripts in the shortcut to load the page, it created and modified registry files even going so far as getting into the boot folder of windows so when I factory reset my OS and opened up explorer to get started it immediately took me to that website.

Legitimately took me about a month to eventually scrub the entire system because if I forgot even one thing it re-infected everything and I’d have to start over.

Hi 🙂

Phishing and malware people download and execute are probably the most common issues, but there are ways to directly do harm, as there’s no browser that is 100% safe. Such things are usually fixed quickly, but still they do happen.

Computers are pretty dumb and just execute code. Stuff that’s in memory.

If you find a way to manipulate stuff outside of what a website’s script or plug-in can do, you may introduce code that should not be executed.

 

Let’s take the Macromedia / Adobe Flash plug-in for example. A great way to make animations and games before websites were as dynamic as they are today.

Flash could play video, read inputs, access your webcam, microphone… At one point store and read files to remember stuff or even have you make custom avatars for example. A versatile tool.

But such extensive functionality makes everything very complex. People find bugs or exploits.

Continious bugs and security issues made it pretty infamous.

 

Let’s say you find a bug that causes the plug-in to crash and the safe environment as well. It could result in behavior that lets you bypass security measurements.

 

Or another thing is to fill memory until something weird happens.

Let’s say you can store 1 word of data for your game.

But someone forgot to check if you actually only store one word.

So you write 10 words. The too long data might get written into a part of the computer’s memory where its shouldn’t be in, and gets executed.

With this method you could easily can do damage to a system.

 

Sometimes it’s not even the browser’s or plug-in developer’s fault.

If the plug-in has access to something it is allowed to have, but there’s a bug in the operating system, it can just exploit that.

E.g. you could reliably crash a Windows computer by accessing C:concon – And even in Windows 10, you can’t create those folders. Under old windows versions you could just embed an image or try in another way to access that path, and you’d crash any windows computer. Fun times! 🙂

**Please read this entire message**

Your submission has been removed for the following reason(s):

Straightforward or factual queries are not allowed on ELI5. ELI5 is meant for simplifying complex concepts.

If you would like this removal reviewed, please read the [detailed rules](https://www.reddit.com/r/explainlikeimfive/wiki/detailed_rules) first. **If you believe this submission was removed erroneously**, please [use this form](https://old.reddit.com/message/compose?to=%2Fr%2Fexplainlikeimfive&subject=Please%20review%20my%20thread?&message=Link:%20https://www.reddit.com/r/explainlikeimfive/comments/ooop5o/eli5_how_can_opening_a_link_to_a_website_be/%0A%0APlease%20answer%20the%20following%203%20questions:%0A%0A1.%20The%20concept%20I%20want%20explained:%0A%0A2.%20Link%20to%20the%20search%20you%20did%20to%20look%20for%20past%20posts%20on%20the%20ELI5%20subreddit:%0A%0A3.%20How%20is%20this%20post%20unique:) and we will review your submission.