How prevelant are browser based attacks nowdays?
I remember back in the good old days of ActiveX visiting a malicious site could spell disaster for the user. But from my understanding, browsers today are usually sandboxed so how vulnerable are users to malicious websites?
I am not talking about attacks which redirect users to fake websites for the purpose of credential theft or websites that trick the user into downloading something, but rather direct no click threats from the website visited (like automatic background downloads or JS related vulnerabilities that work without user interaction).
When I visit known malicious websites for research purposes, I always spin up a brand new clean VM and then kill it immediately after, but I was curious as to what sort of attacks are still viable today?
