The spiraling complexity of such threats serves as strong evidence that the battle between malware writers and browser makers is only beginning to heat up, and will continue for some time, the analyst said.

Wang believes that one answer to the security problem will be for browser makers to adopt more rigorous software development efforts to minimize vulnerabilities, but even those improved processes won't catch every flaw.

Microsoft's Security Development Lifecycle (SDL) program, for instance, appears to have lowered the number of vulnerabilities in its newest Internet Explorer 7 browser compared to earlier versions of the product, but the company has already been forced to patch at least one critical flaw in the software, which was released in Oct. 2006.

"This is going to be an arms race that is ongoing for the foreseeable future," Wang said. "There is no excuse for people on the defense side not to be more proactive with security and use better mechanisms during software development to protect against future attacks, but the attackers will always have some new approach as well."