Which is more dangerous is a matter of debate although NSS Labs references a separate study by AVG that found socially-engineered attacks to be the most likely way for malware to find its way on to a user's PC.
A social engineering attack has the advantage that it recruits the user to agree to a download event thereby potentially bypassing Windows controls such as User Access Control (UAC) and even the warnings of antivirus software. A drive-by attack, especially one manipulating a zero-day flaw, can sneak on to the PC without any of these defences being aware but requires more engineering effort to work.
The claim that socially-engineered attacks are the more significant doesn't entirely accord with the admittedly patchy evidence that exists on the subject.
A recent and revealing assessment by Qualys using its Browsercheck tool found that large numbers of browser users routinely run out-of-date plug-ins for interfaces such as Flash Adobe Reader and especially Java. Many of these have significant flaws that can be attacked by drive-by exploits.
It could be that both sides of this coin -- social-engineering attacks and drive-by attacks -- are equally perilous but in different ways.
A final qualification is that the test was conducted on Firefox 4, since supplanted by the rapid-development replacement, version 5.0, likewise Google Chrome, which has reached version 13. The URL-filtering systems used by these are, however the same as in the previous versions so would be unlikely to make a difference to their blocking performance.