Browse more safely
Keyloggers and other malware can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits an infected site. Compromising a browser is relatively easy, and it is cross-platform, hence an often chosen target. Plus that browsers (for performance reasons) prefetch exposing users to more security risks by downloading more pages, or from un-requested sites (additionally compounded as drive-by downloads become more advanced and diverse).
BeEF & other browser exploits, when not using browser vulnerabilities, rely on javascript.