It's not all catbox links it's just some combination of random letters triggers the filter, I've seen it before with a certain link.
>people host malware on that site
Okay so don't download and run virus.exe
>especially dangerous because of the sound webm trend
That's a userscript you have to install and it just reads a link from the filename/embedded image data.
>you could just hover over a thumbnail and then boom
Never happened. If you can make a specially crafted media file that exploits a browser or escapes the sandbox then you have an extremely advanced severe zero day exploit that would be worth millions to government or other bad actors why are you randomly wasting it on 4chan lol.