Drive-by trojan cache vulnerability?

I was on the Risk of Rain 2 server which just got hacked and raided. People on the subreddit started talking about trojans being downloaded into the cache from these raiders without clicking on the links during the raid. Seeing as /r/discordapp is conveniently shut down, this is the next best place to report it.

Why does Discord have such a massive vulnerability, and is there anything that can be done about it client-side? I disable Javascript to stop drive-by ads on browsers, but I don't appear to have that ability on Discord unless I stop using the app, but that's beyond impractical nowadays.