Can a website in itself be dangerous?
Full question
https://superuser.com/questions/1709712/...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
ACCEPTED ANSWER
Score 55
Web browsers are programs that can have vulnerabilities just like any other software.
This means that simply browsing a web site with a web browser that has a remote code execution vulnerability could in the worst case lead to an attacker being able to execute code with the permission of the web browser.
Modern web browsers use a sandbox system that should prevent such code from causing damage, but again these systems aren't perfect and hackers may find ways to escape from the sandbox and infect your system.
The developers of web browsers like Google, Mozilla, Apple close those vulnerabilities when they get to know them, but a number of vulnerabilities occur as "zero day vulnerabilities" which means that they are first used to attack users and then they get noticed, e.g. by anti-virus companies that then inform the web browser developers. Then a fixed version has to be developed and distributed to all users, which can take some time.
In conclusion you can say that surfing web sites can harm your computer if you are unlucky and there is an unfixed vulnerability in your web browser.
As a large number of those vulnerabilities require JavaScript it is a good idea to disable JavaScript for suspicious web pages. You can do so e.g. using add-ons like NoScript.
ANSWER 2
Score 12
If you take a look at this and previous generation of video game consoles (PlayStation 4 and 5, Xbox One and Series), the web browser is what is used to exploit bugs in the firmware to gain access to features that aren't normally available. The user who wants to exploit their console visits a specially prepared website and that's basically it. The same exploits can be used for malicious purposes.
And yes, this is a good analogy to PCs: these consoles are running an operating system like any personal computer and their browsers are based on WebKit - the same engine that powers the overwhelming majority of desktop browsers*.
Why are exploits like this not so common on the PC? I suppose mostly because desktop browser vendors are much better at keeping their browser up to date. All major browsers are evergreen, i.e. they auto-update to the latest version as soon as it's released. With consoles, the browser is bundled with the firmware and they don't seem to do a very good job keeping it up to date - possibly because it's more tightly integrated with the rest of the system and they can't afford to re-test everything thoroughly every time a minor patch is released.
* More precisely, Chrome and some of its relatives are powered by the Blink engine, which is based on WebKit. Firefox is the most popular WebKit-free browser as of now, but the same principles apply.
ANSWER 3
Score 8
Websites could be dangerous if browsers have vulnerabilities. But even if there aren't any vulnerabilities in your browser, they could be dangerous depending on your definition.
- They could exploit vulnerabilities in other websites, for example to steal your account, or bypass the firewalls between the internet and your local network. Or they simply attempt DDoS to another website using your browser, which may do damage to that website, or get you blocked from the other website, or both.
- They could run mining scripts of a cryptocurrency.
- They could make your system freeze simply by using a lot of resources in some cases.
- If the link is specifically designed for you, it would leak your IP and location information, some system information and settings, and the fact that you actually clicked it, implying you have read the message.
- In case you are hiding your activities from your ISP by using some kinds of proxies, in theory they could know you if you visit a given website, by measuring the bandwidth.
- Might not be intended, but they could make some 3rd party ad platforms show unfriendly ads in the next days.
- Some captcha providers say they could analyze the user's behavior and simplify the process to just one click in some cases. I don't know how it works. But if it works, in theory they could break it by copying your behavior.
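The first bullet of Answer 3 (a page making your browser send requests to another site or to a device on your local network) has a server-side counterpart: the target can inspect the Fetch Metadata request headers that browsers attach and refuse requests triggered by other sites. The sketch below is an added example, not part of any answer; `OWN_ORIGIN`, `allowRequest` and the sample requests are constructed for illustration.

```javascript
// Added example (not from the original answers).
// Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest and Origin are real browser
// request headers; everything else here is a constructed placeholder.
const OWN_ORIGIN = "https://bank.example";

// headers: object keyed by lower-cased header name, as Node's http module provides.
function allowRequest(method, headers) {
  const site = headers["sec-fetch-site"];
  const safeMethod = method === "GET" || method === "HEAD";

  if (site === undefined) {
    // Older browser or non-browser client: fall back to the Origin header.
    const origin = headers["origin"];
    if (origin === undefined) return safeMethod; // no signal at all: reads only
    return origin === OWN_ORIGIN;
  }

  // Requests from our own pages, or typed/bookmarked by the user.
  if (site === "same-origin" || site === "none") return true;

  // Triggered by another site: permit only a plain top-level navigation with a
  // safe method, so ordinary links to this site keep working.
  const isNavigation =
    headers["sec-fetch-mode"] === "navigate" &&
    headers["sec-fetch-dest"] === "document";
  return safeMethod && isNavigation;
}

// Constructed sample requests and the decision for each.
function evaluateSamples() {
  const samples = [
    ["POST", { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
    ["GET",  { "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document" }],
    ["GET",  { "sec-fetch-site": "cross-site", "sec-fetch-mode": "no-cors", "sec-fetch-dest": "image" }],
    ["POST", { "sec-fetch-site": "same-origin", "sec-fetch-mode": "cors", "sec-fetch-dest": "empty" }],
    ["POST", { "origin": "https://other.example" }],
    ["GET",  {}],
  ];
  return samples.map(([method, headers]) => allowRequest(method, headers));
}

console.log(evaluateSamples());
```

A cross-site form submission and a cross-site image load are both refused here, while a normal link click from another site still loads the page.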
ANSWER 4
Score 4
It might not target the hardware but a website could be designed to specifically exploit the risk some people have to induced epileptic seizure and in that way actually be medically dangerous to the user. I could well see an argument that such a website would in fact be more dangerous than one that merely exploits random security flaws.
ANSWER 5
Score 4
Yes. Even simple images without any HTML, let alone any active content, can be used to exploit vulnerabilities in image viewers, including browsers.
Here is an older example. As-is it "only" crashed the browser but I think as a general rule such bugs can potentially be used to execute code.