Only 53 percent of users on a 3.x version of Safari applied a new update within three weeks, wrote Thomas Duebendorfer of Google Switzerland and Stefan Frei of the Swiss Federal Institute of Technology (ETH Zurich) in a .

Also, people running a 3.2 version of Safari are required to apply a Tiger or Leopard operating system update first before getting new browser updates, which slows the overall patch process. Within three weeks of the release of Safari version 3.2.1, for example, only 33 percent of users had it installed.

Opera's browser will check for updates once a week, but a user must go through the same installation procedure for updates as if they were installing Opera for the first time. It's a cumbersome process, the researchers wrote.

Three weeks after a new release, only 24 percent of active daily users of Opera version 9.x have the newest version installed. However, Opera plans to incorporate an auto-update mechanism in its next planned release, version 10.

"All in all, the poor update effectiveness of Apple Safari and Opera gives attackers plenty of time to use known exploits to attack users of outdated browsers," the researchers wrote.