Curious where you got the idea of a “secure sandbox” from lol. Websites are programmed to load web pages. Those web pages can have harmful scripts on them that the browser activates as part of the loading process, and that can result in your computer getting infected with stuff like adware, spyware or viruses. Sometimes it’s not even actually on the site itself – the site can host a container for an advertisement, where the advertisement is getting fed from somewhere else, and sometimes an infected ad can be displayed. Browsers *are* getting better at trying to block this stuff you still have to be cautious about where you browse.