Almost half the online population is at risk because users have not installed security updates to their browsers, says a study.
The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers.
"Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said.
Cyber criminals are frequently using websites to attack users, it added.
The report authors recommended that a "best before" date, similar to the food industry, should be introduced to browsers, helping to educate users about the need to "refresh" their browser.
Browsers are often "patched" by software providers to tackle recently discovered flaws and security holes.
Criminals exploit these holes with malicious code hidden in websites to hijack machines.
The study said Firefox users tended to use the most up-to-date versions, while Internet Explorer users were the slowest to update their browsers.
More than 83% of Firefox users were using the latest, most secure browser version, compared to 65% of Safari users, 56% of Opera users and 47% of Internet Explorer users.
The study said that not using the latest version of a browser was only one part of the security issues faced by net users.
Dubbed the "insecurity iceberg", the study said many users were at risk due to vulnerable plug-ins.
Plug-ins are small programs which extend the features and functionality of some browsers.
"Vulnerable plug-ins that are accessible (and exploitable) through the web browser extend the insecurity iceberg and form the part hidden below the water surface," the report authors noted.
The study said users were not updating to the latest version of a browser or plug-in fast enough.
"Our measurement confirmed that web browsers which implement an internal auto-update patching mechanism do better in terms of faster update adoption rates than those without," it said.
The study commended the "single-click" update feature of Firefox's browser as the "most efficient" patching mechanism.