Back when grsecurity was still public I would've said that using it with Chrome provided the best security you could get on Linux. Between the defensive mitigations it added through PaX and all the other little things (like making chroots actually behave like jails) it greatly increased security. This is without even using any MAC system.

I'm not entirely sure how things stack up now. In the past I never had much faith in the vanilla linux kernel.