Comment by rictic

The security problems of a browser are very similar to the security problems of a traditional mainframe OS.

You need to execute potentially malicious code in isolated containers (processes / pages). You need to protect the system from these processes, and protect these processes from one another. You need to run some code with elevated privileges / additional capabilities (setuid / permissioned APIs), including some with superuser privileges (root user processes / browser extensions).