1- suppose any random link that you encounter in public internet<p>2- you click on the link<p>3- a new tab opens in your browser<p>4- you don't download anything but close the tab<p>now what is the worst thing that could happen after this moment?
There's no theoretical limit. That's what the concept of a "zero day" is all about. It's entirely possible that some undiscovered vulnerability allows an attacker to remotely hijack your entire PC, steal all passwords, and completely ruin your life just by opening a webpage. Is it likely? No. But in terms of the "worst thing possible" there's really no upper bound.
When I was younger I used to believe that nothing serious could happen because I don't use Windows and "I was smart enough" to not execute malware (yeah, I didn't care on downloading it; how wrong I was).<p>Someone already mentioned zero days but let me elaborate a bit on what can happen when visiting a website:<p>- Without zero days involved, you are already disclosing digital information, ip address, browser fingerprint, precise location access could be granted with relaxed browser settings, etc.<p>- As a dev, you may have services running locally, let's say, postgres, web servers, etc. -sometimes we install stuff and forget about it- the malicious website could access these.<p>- It could try using your sessions for other websites.<p>- It can also interact with your browser extensions, many of these do not take precautions for this.<p>- It can also try using your hardware, camera, microphone, bluetooth, we now even have webusb.<p>- It can also try to use your CPU/network for cryptocurrency mining or attacking other servers, it could even use you as a proxy while you are on the website.<p>- With zerodays, it could do just anything.
Well, the front could fall off. [1]<p>[1] <a href="https://www.youtube.com/watch?v=3m5qxZm_JqM" rel="nofollow">https://www.youtube.com/watch?v=3m5qxZm_JqM</a>
It might not be as easy as it used to be, but when I did remote PC tech support ca. 2008-2010, all day every day was almost nothing but removing infections of rogue (fake) antiviruses and their supporting rootkits that people got via "driveby download" -- no stupid mistakes needed (unless you count browsing without an ad blocker).
> 4- you don't download anything but close the tab<p>Does your browser show anything in this thought experiment or are you so quick to close the tab the browser hasn't even connected to the server? If it shows anything you have downloaded something. That is how it is shown in the browser. With a malicious payload you cannot know what might happen as uejfiweun says.