I’m confused. Why would browsers’ isolation of anything preclude rendering native controls? Native controls aren’t all in some global singleton process shared across non-browser apps (at least not in any environment I’m aware of, and the thought of a design like that fills me with dread).

All a browser needs to do to render native controls securely is to render them as opaque to the JS/DOM runtime. This has even been formalized as “shadow DOM”. At least so far as I’m aware, Safari still renders native controls by default. Other browsers vary in their use of native controls but that’s been the case for decades.