Threat actors may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., Drive-by Target), including:
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.