ChromeOS puts Chrome in a nice safe sandbox (in addition to the sandboxing of Chrome tabs that happens on all OSes) that used selinux and other technologies. This requires modifications to Chrome. Replicating that for another browser might be harder than modifying ChromeOS to add something like this.
If you have to use it for work “whether you like it or not” then you’re extremely unlikely to have the permissions to install your own root certificate, which is a lot more sensitive operation than running Firefox.
Well then they’re able to install and run Firefox.
My point is the only situations where you have no control over browser installs are when the machine is locked down in such a way that you also cannot install root certificates.
Not necessarily. And there’s plenty of browser based software/services that do not work with Firefox or have a limited functionality with Firefox that are required for work.
I know back when I did more freelancing with podcast clients this was a constant problem. The OS folks were using could reek havoc if it wasn’t safari, edge, or chrome 90% of the time.