Or you visit a webpage that makes a request to an arbitrary server on an arbitrary port while not running a default-deny application firewall

▲

Sohcahtoa82 an hour ago | parent [-]

I don't believe that opens a port to accept an incoming connection.

Even if it did, a web page making a request can't control the source port for the connection. They still couldn't make a local network service exposed to the Internet.

	▲	reincarnate0x14 35 minutes ago \| parent [-]
		WebRTC and similar tools have existed for over a decade at this point and been abused horribly. Many common UPNP or similar daemons trust ANYTHING on the "trusted" side and will happily grant basically anything asked for because their vendors don't want customer support calls over whatever insane behavior some printer or IOT lightbulb is doing without the end user's knowledge.