Modern browsers have multiple processes with different sandbox policies. The renderer process handles untrusted web content and is heavily sandboxed. The browser process does all the other stuff required to interact with your computer (and is generally much less isolated).