[throwaway7767]

The attack surface of a paravirtualized Xen VM to its hypervisor is much smaller than a linux application talking to the linux kernel.

Of course it's not perfect, but xen has a pretty good track record. And a significant chunk of the flaws that have been found xen were found by the qubes devs.

[zurn]

The Chrome sandbox setup doesn't correspond to a regular linux application talking to the kernel though. It has a 2-layer sandbox, with the seccomp-bpf and setuid sandboxes. They restrict the kernel interface to a whitelisted subset.