Is it possible to transfer a virus through browser video?

but the implication in the other question is that videos in question have been downloaded and played by media software on the target computer.

No it is not. The implication is that there need to be a bug in the code handling the data. For instance the ffmpeg library is used in browsers like Chrome or Firefox and it had several serious bugs in the past. And of course Flash had lots of vulnerabilities too so the problem exists for both HTML5 and Flash based media playing.

Presumably the browsers are somewhat sandboxed...

This is an assumption which is not necessarily true. Some browsers like Chrome or Edge are sandboxed and some like Firefox are not sandboxed (yet). In case of sandboxes it gets much harder to exploit but it is not impossible as regularly shown at Pwn2Own.


A web browsers video system is just another video player, so the same problems apply which were mentioned in the linked question. The smaller set of supported video codecs greatly reduces the attack surface, but doesn't make bugs in the decoders for these formats inconceivable. The Adobe Flash plugin is renowned for its plethora of security bugs in the past allowing all kinds of nasty exploits. Keep in mind that a flash animation which looks like yet another video player can do much more than just playing videos, and you have no easy way to find out what exactly it does without running it.

While some web browsers try to improve security through sandboxing, such approaches are not necessarily 100% effective. There were known methods to break out of a browser sandbox, and it might be possible to use these methods through vulnerabilities which can be exploited by playing a malicious video file.