Comment by blueflow

Your router will open up any port for an ephemeral forwarding if the traffic looks like that forwarding is warranted. Any application can open arbitrary inbound pathways. "Application" also includes the Javascript you run in your Browser. Which is externally controlled.

Security folks call those techniques "hole punching" but they are how NAT is expected to work.