If you want sandboxes then use Flatpak or force Microsoft and Apple to implement a standards compliant sandboxing API. The web browser is not the place to do it and people should be looking at how this will be used to run binary blobs anytime you visit a site.
I know folks are excited about webassembly but it's a security nightmare. JS alone is bad enough with most exploits I see that can get you infected just by visiting a page requiring it even when the issue doesn't lie in JS directly. The idea of letting any random website you visit run code on your machines should give anyone pause, but it seems like everybody is just too excited about the powerful web applications they could make to worry about the malicious web apps that will be created as well.
For now I've got webassembly disabled, and I don't see that changing
