I think it's more a case that browsers take security into account at the feature design phase, whereas other applications don't. That's actually a huge step in the right direction. Same thing with mobile OSes, which have a very preferable decision to sandbox individual applications, instead of running them with full user permissions & full user data access, like desktop OSes do.

Now, whether the browsers or mobile OSes actually are secure because of that, is a separate thing, but those are good steps to take.

> which have a very preferable decision to sandbox individual applications, instead of running them with full user permissions

It's great that they took security into account during the design phase. I wish they had also taken into account user empowerment. They sandboxed all the apps and in so doing made interoperation, plugins, patches, mods, etc basically impossible. Now the most widely-used form of personal computer is more like a portal to digital services than it is a computing platform. It's sad to see, and I refuse to believe that it's one-or-the-other when it comes to security vs power.

> I think it's more a case that > browsers take security into > account at the feature design > phase.

I think that many software people do this. It's likely that you are more familiar with a browsers development cycle.

Browsers weren't really secure by design until IE first introduced a browser sandbox sometime in the IE8 days and then Chromium came along and set the standard for sandboxing.