0

I was not sure about it and I got some answers from internet but didn't get the logical reasoning behind it.

If I just click on a malicious link it might open a new tab, or it might download something. When it opens a new tab, it might download certain things in the browser cache, which should get deleted after restart, and which should not have executable rights.

Secondly, if the tab offers to download something, by browser would ask me what to do.

So, I can't understand how can I get hacked, just by clicking on something malicious?

Porcupine
  • 101
  • 2
  • 2
    Some malicious website could exploit security issues and thus require no further interaction. The phrase for this is "drive-by download attack". Possible duplicate of [Do drive-by attacks exist in modern browsers?](https://security.stackexchange.com/questions/172582/), [Drive-by downloads](http://security.stackexchange.com/questions/53929/), [Is there a real possibility of getting malware by “drive-by”?](https://security.stackexchange.com/questions/17852/). – Steffen Ullrich Dec 20 '20 at 08:01

1 Answers1

0

Yes, you can get hacked by just clicking a link.

Consider what happens when you install an extension in your browser? That's a link. Also, who said that your browser cache and history is completely secure? Most of us have our bank account details and other sensitive information stored there. You click a link and foreign code is downloaded and run on your computer -- horribly dangerous behaviour if you ask me. Any weakness in your defenses, or flaw in your security models, and you could be open to exfiltration of sensitive info and have your entire life ruined.

Are there any disclosed vulnerabilities in browsers that would allow such an attack? Maybe, maybe not, but the impact is high enough that even a small risk causes this to be a major concern.

Ok, I'm overplaying things for dramatic effect. Most people won't get hacked this way and the web is for the most part safe. It is likely that such hacks will take the resources of state-sponsored hackers. But, if you're in a sensitive job, maybe state-sponsored hackers are interested in your data and you should be very careful about which websites you visit. Even if you're not, then you should be aware of which part of the web you're browsing -- news outlets, programming sites, entertainment, probably all safe, but if you're looking for hacking tutorials and dark-web resources, then caveat emptor.

Software Engineer
  • 149
  • 6