Since a common attack vector involve bugs in the browser that goes along the lines of "infected JS code is injected, executed on the site, causes the infection to break out of the sandbox of the browser engine and then allow execution of malicious code on the machine", I would approach this as follows:
1. Use adblock (Ublock Origin) and Scriptblock (NoScript) together with other security/privacy addons (PrivacyBadger etc).
2. Sandbox the browser by running it in an isolated sandbox (Sandboxie et al).
3. Use a Linux VM for browsing instead of Windows.
I don't believe in the simplistic "update everything daily" approach when there's one zero-day exploit after another. It is like trying to avoid corrosion by washing away the saltwater daily rather than use anti-corrosion paint et al.
What I am doing myself is to set up a VM running Ubuntu MATE, which will be the main "Internet machine" in order to protect my two Windows installations (7 and 10) from this kind of issues as an extra layer of security.
The most important thing is to always run the browser in some kind of sandbox or even a VM (under a different OS) besides using proper add-ons since the most common vector will be destructive scripts that use different bugs to "break out of the sandbox" (modern browsers do have their rendering engines sandboxed but it's necessary to have another layer around the browser itself, be it a sandbox like Sandboxie or even a VM).
Blocking ads and scripts are the most important things to do and also to have a dedicated browser for things like banking (a browser that is ONLY used for those kind of purposes).
So far, adblock, adblock over DNS, scriptblock etc have worked brilliantly over the years. The biggest security threat is all this propaganda in mainstream media about "you are safe when you update" since another zero-day exploit just nullifies all "updating". It just doesn't matter if you are updating until you are blue in your face when another of those issues land and is being exploited.
Better to simply consider a browser to be "potentially unsafe" and use a condom (sandbox it, run a Linux VM for browsing etc). Running a "different OS" for Internet activities is what I would consider the safest approach in order to "shield" the host OS from browser/online related threats.