It would be horrible if we lost desktop computing to a scenario where we need permission from one of the tech giants before running code.

Those who sacrifice freedom for security deserve neither.

I'm afraid it's the other way around. Browsers are (generally) better at sandboxing than OSs. Browsers are paranoid by default. They have to be, because visiting a website is just a click away (compared to multiple clicks/taps to install a native app).

For example, Chromium was able to mitigate Meltdown/Spectre within days, even if the OS was still vulnerable. (Chrome already had site isolation ready to ship, a feature that completely isolates websites into their own process). Even better, Chromium browsers tend to update themselves (or via Google Play) automatically.

Meanwhile, OS vendors were scrambling to ship an OS update.

(Also, worth mentioning that iOS users were vulnerable until Apple shipped an OS update, because every browser on iOS has to use Apple's WebKit)

You can use Qubes OS (a linux that relies heavily on virtualization) if you want that.