Malicious Web Apps: How to Spot Them, How to Beat Them

19.03.2012

As Web-based attacks have evolved, browser makers have added security features to protect your system. Most current browsers have features to help identify the true root domain of a given website (so you don't get taken in by a phishing scam), and have controls in place to block malicious Web code. If you are using an outdated browser, though, it will protect you only against outdated threats, leaving you virtually defenseless against the latest malware.

A malicious Web app may be able to access information across tabs from within the same browser session. So if you open a tab to a secure site--typically indicated by the "https" at the beginning of the URL--don't open additional tabs to lower-security (non-https) sites within the same browser window.

You should also treat browser plug-ins and add-ons with caution. Plug-ins and add-ons are great for expanding the capabilities of your browser and for making certain tasks more convenient, but they may also contain poorly written code with weak spots that Web-based malware can exploit. Choose your plug-ins and add-ons carefully--and only from organizations you trust.

People today connect to the Web from a more diverse array of devices than ever before. Web apps are more convenient and universal than locally installed software, but they come with some risks as well. Make sure you understand the nature of the threats, and take steps to recognize and defend against harmful Web apps so that you can productively enjoy the vast majority that aren't malicious.