My understanding is that same-old memory safety errors in C++ are still the main source of initial exploits for these browsers. Chromium has been looking at things like MiraclePtr, whereas Mozilla has been moving to Rust and RLBox (and Chromium is trying the former, too):
https://security.googleblog.com/2021/09/an-update-on-memory-...I think I agree with the other poster saying that "practically speaking there's probably not a ton of difference".
There used to be a wider gap, but both browsers have all the important stuff now, with any differences being much more incremental. I assume neither is going to get rid of their shitty old C++ codebase anytime soon, which would be the real win.
For sandboxing you're also restricted by what the OS offers in the first place. So expect innovation on Android, or ARM macOS, not Chrome/Firefox on Windows.
