Often I read about compromise due to visit a malicious site which download some exploit to your computer. I've never seen a detailed process, all books/tutorials I read just say sentences like "once the site is visited, the target is compromised", "redirecting the user to an attacker-owned site which downloads malicious javascript", etc, but that seems a little vague to me...
How does this kind of compromise work? Because apart from exploiting some vulnerability in the web browser (and that must be a 0day nowadays), I don't know with other attack vector could happen.