So this isn't about "time to patch" of browser vendors but about frequency of checking for browser updates and whether updates are applied "silently" or the user given a chance to back out?
The study apparently concludes that an operating-system vendor that distributes a browser should have a separate update mechanism running in the browser? That would seem to be the gist of the criticism of Apple and the implied criticism of Microsoft. But why should the browser require an entirely separate mechanism running on a different schedule?
Does the study have a downer on Linux distributions that take care of *all* updating -- even including 3rd-party software -- through a package manager? That's always seemed to me to be an eminently sensible arrangement whatever the Swiss think.
As for Google's updater, it *isn't* a browser updater. It updates *all* Google software, much as Apple's Software Update updates all Apple software and Microsoft's Windows Update updates all Microsoft's (System) software.
Is the study overexcited about the fact that Google Updater runs on its own schedule that can't be modified, checks very frequently, and installs updates silently? That does mean that users can hardly avoid taking the patches. That's good for home users perhaps, but I can't see IT departments falling over themselves with glee at that. Business needs to test patches and roll them out to users itself when it's satisfied they don't break anything else.