Often I read about compromise due to visit a malicious site which download some

Question

Often I read about compromise due to visit a malicious site which download some exploit to your computer. I've never seen a detailed process, all books/tutorials I read just say sentences like "once the site is visited, the target is compromised", "redirecting the user to an attacker-owned site which downloads malicious javascript", etc, but that seems a little vague to me...

How does this kind of compromise work? Because apart from exploiting some vulnerability in the web browser (and that must be a 0day nowadays), I don't know with other attack vector could happen.

Explanation / Answer

Generally, most drive by browsing attacks are through browser vulnerabilities, which redirect you etc., but some are through PDF render engines, or in fact any input or display functionality.

These do not have to be zero-days. Many browsers have vulnerabilities - some that have been known for years and have fixes out.

Related Questions

Navigate

• Browse (All)
• Browse O
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.