They're slowly inventing operating systems, complete with hypervisor technology, with all the gargantuan complexity that it implies, to please big business that wants the client OS to essentially become obsolete.
The web browsers are so much more secure than what we had before (just accepting executable binaries from other people), so I look at this as a way forward.
I'm not that confident. Browsers blindly accept and execute whatever they receive. The more features that get added, the larger surface there is to exploit. A case in point: WebUSB as mentioned in the article.
The nice thing though is that, although the added attack surface is there, its not really accessible to web pages until a user grants the necessary permissions. Not really all that different from telling users to execute a native app in that respect.
In this case it's not even an exploit really; more like social engineering. (Tricking users into granting the phishing site unrestricted access to their Yubikey, then using that access to trick the user into authenticating a login session for the phishing site.)
A browser is more secure than a linux namespace with SELinux rules that require explicit approval for any access?
A browser is more secure than Qubes?
The flaw is in legacy software, not in what is possible. Had humanity spent the effort that was spent on browsers on operating systems instead, we'd have had the same security improvements without all the negatives.
When I see a shady link, I open it in a browser inside my virtual machine. I've had attacks on firefox that straight executed a binary on my machine, without me doing anything but clicking a link.