It is very difficult to casually infect a Mac without your active participation in providing your Admin password. Most of these bogus messages are generated by javascript in sleazy Ads from sleazy Ad services that pay web sites to carry the Ad service.
Some web site operators have no idea how bad they are, but if you notified them of your displeasure, some web site operators might take notice.
standard procedure is to, in this order (until you obtain relief):
close web page.
close browser.
Force-quit browser.
restart computer.
if you hold shift at startup, you will enter safe mode in may cases. No add-ons can load, but it may not be as productive as regular mode.
if you hold shift immediately after you login, no previously-running apps will open automatically.
if you hold shift as you open your browser, no previously-loaded web pages will load automatically.