Possibility of Web browser being exploited

Nikos751

I was educating myself on ways a browser can be exploited and session and other related data can be stolen without necessarily infecting the rest of the system. The techniques are various, but no one clearly states how possible it is to come across such incidents, considering the user is visiting every kind of website but not explicitly downloading any suspicious file from them.
So, what exactly is going on with that? What kind of protection measures, apart from disabling scripting or using add-ons like NoScript, can a home user take in order to be protected from these specific issues?
 
Keep your OS up-to-date, and only allow trusted members to use your PC.

Always use the latest web browser version and install security patches.

Limit the number of trusted extensions, add-ons and plug-ins used on the browser. Some 3rd-party add-ons, including antivirus add-ons, can increase the attack surface. Uninstalling or disabling plug-ins when not in use is another measure.

Be aware of phishing sites, email scams and suspicious downloads. Get an adblocker.
 
I always have apps & system updated, and any add-ons/extensions installed and enabled are always needed, while Flash is set to be activated manually for any elements. So, I guess I am OK. Only JavaScript is something that I cannot leave disabled, as it's a pain to enable it for every website I want to view properly.
 
Depending on your browser, you may choose to add EMET too as an additional safeguard.

Regarding your question about how possible it is to get hit by an exploit: if you stick with trustable sites, the chances are minimal unless you unfortunately visit while a malvertising attack is underway, which is pretty rare if you are wondering. Meanwhile, if you choose to visit shady sites, the chances get far higher.
 
I use MBAE currently, but as I read, it does not protect against XSS attacks, though it is said to provide generally more layers of protection than EMET. I honestly do not know if EMET can prevent XSS attacks. Does anyone know anything on that?
Visiting trustable sites and not shady ones is not that easy, as legit known sites can be infected and, additionally, someone who does research on something will visit a lot of pages and no one can guarantee they are all safe and clean.