Now it is extremely difficult. Infection is possible through four channels:
• Vulnerabilities of a specific browser. By the way, this is one of the reasons why each Chrome tab is a separate (and low-privileged) process: if the process is hacked, there is less chance that it will come to mastery of the computer.
UPD. This is a set of data (for example, a specially created GIF / JPEG / HTML), which, for example, punches a buffer in the browser.
• Plugin vulnerabilities. Vulnerabilities in Java are such a fucked up thing that I won't even talk about it; it seems that even Oracle themselves abandoned Java on the web. Flash is updated every week. Plugin vulnerabilities are bad for two things: 1) Let there be one browser in the world now - there are two dozen more hangers-on and three browsers "the pipe is lower, the smoke is thinner." And Flash is one for all; 2) The old plugin API, left only to Flash, is a big security hole.
• Vulnerabilities in other software. It would seem that you are downloading a PDF - and this is an exploit for Adobe Reader.
• "Trojan horses" - but it is already necessary to run EXE with your own hands.
By the way, in our pirate culture, it is believed that UAC should be turned off as soon as possible, and it is turned off in all "left" distributions. In my opinion, this is fundamentally wrong.

injection of code and redirection to launch a virus / trojan, etc.
https://antifraud.drweb.ru/phishing/how_to_infect
https://www.kaspersky.ru/blog/vredonosy-na-bezopas...

How can you get a virus just by visiting websites?

1. For starters, yes, javascript can be vulnerable.
2. Vulnerabilities in the browser and OS (for example, the implementation of standard functions and libraries that allowed code to be executed from a cleverly made .gif or .pdf)
3. Various browser plug-ins can be vulnerable. Plugins commonly installed are flash and java. Now browsers refuse this, but not all sites have switched to html5 / javastart, you have to support it.
4. Various updates to the software that you have installed and updated periodically can be compromised.
5. Vulnerabilities at the iron level. I'm not sure, but as far as I understand, meltdown can also be stirred up through the browser.
6. IE may have its own vulnerabilities through ActiveX
7. Third-party software that opens via links (messengers, email clients)

Cookies.

Mind manipulation. In fact, browsers infect computers through protocols developed by the WWW consortium. Allegedly "vulnerabilities". It's just an opportunity to run arbitrary code. A passive viewer cannot infect in any way. Browsers used to be simple. But they are constantly updated. Supposedly to fix a vulnerability. But in fact, all users are dependent on corporations that do not work in the interests of ordinary users. Computers are also built on an open architecture. Everything gives access to control and espionage. Nobody blames WWW, IBM, Google. Deal with secondary issues. SMDI (disinformation) inspire stories about hackers, antiviruses and updates. And they collect money. Moore's Law is also collusion. Same story for phones. Windows 10 is built on the principle of totalitarian control. Parasite programs live in it, that use your PC's resources, slowing it down. And if today they have good intentions, then tomorrow is unknown - the system is constantly updated, and synchronously. And tomorrow your PC will act as Microsoft deigns. Processors can also be flashed (microcode). Updates happen imperceptibly and regardless of your consent. Shadow processes are doing their job. Microsoft does not bear any responsibility, otherwise the errors would have been immediately corrected and they would not have bulged out forever updated shit. Updates happen imperceptibly and regardless of your consent. Shadow processes are doing their job. Microsoft does not bear any responsibility, otherwise the errors would have been immediately corrected and they would not have bulged out forever updated shit. Updates happen imperceptibly and regardless of your consent. Shadow processes are doing their job. Microsoft does not bear any responsibility, otherwise the errors would have been immediately corrected and they would not have bulged out forever updated shit.