They are run in a “secure” sandbox. But this is software, and software always has bugs.
If you find the right bug and feed it the right data you might be able to affect things outside the sandbox. This doesn’t just happen with websites but can also happen basically any time any kind of data gets processed. (I have seen a talk where someone exploited a fax machine by sending it specially crafted faxes)

However, these kinds of exploits are pretty rare.