Infected site percentage rates in real life might be different (higher or lower) than this, for several reasons. The Google study used browsers with apparently no plugins. In real life, most users have Flash, Java, etc, thus increasing the attack surface. The Google study used virtual machines, but some malware detects the presence of virtual machines and avoids behaving maliciously in the presence of one. Finally, the Google study uses random URLS. In real life, some sites are much more popular than others, and thus URL usage is not random. It's important to mention that this number is not the same as the infection rate, because landing on an infected site does not necessarily lead to an infection, due to the operating environment and types of security measures used.