Modern browsers use a wide range of techniques to attempt to protect the underlying operating system from browser application level compromise. This, not surprisingly, is very difficult to do today.
The browser you're using to read this is essentially a virtualized computer that runs at the user level of your computer. It has networking capabilities built in via WebSockets and asynchronous processing via Web Workers. It has persistent storage. All of this is built into the browser itself, which is used to load arbitrary and provider-defined content from around the world. Seriously — open a mainstream news site like Al Jazeera or CNN with developer tooling enabled and take a look at the network traffic. Visiting that one site results in your browser firing off hundred(s) of requests to a wide range of sites. And many of those sites you've probably never heard of.