
The web browsers are so much more secure than what we had before (just accepting executable binaries from other people), so I look at this as a way forward.



I'm not that confident. Browsers blindly accept and execute whatever they receive. The more features that get added, the larger surface there is to exploit. A case in point: WebUSB as mentioned in the article.


The nice thing though is that, although the added attack surface is there, it's not really accessible to web pages until a user grants the necessary permissions. Not really all that different from telling users to execute a native app in that respect.

In this case it's not even an exploit really; more like social engineering. (Tricking users into granting the phishing site unrestricted access to their Yubikey, then using that access to trick the user into authenticating a login session for the phishing site.)


Imagine if there is a USB device with a new Chrome WebUSB driver (which has the necessary permissions) and then the vendor's website gets hacked.


A browser is more secure than a Linux namespace with SELinux rules that require explicit approval for any access?

A browser is more secure than Qubes?

The flaw is in legacy software, not in what is possible. Had humanity spent the effort that was spent on browsers on operating systems instead, we'd have had the same security improvements without all the negatives.


And yet, at a quick glance, Chromium has THREE TIMES more CVEs than the Java JRE... so it might be more secure than before, but let's not celebrate just yet!



