You are placing a lot of trust that the operating system this fictional web browser is running on is capable of perfectly isolating all of these avenues like you described. Try developing this on Windows and tell me how airtight it is.
Fact of the matter is mainstream operating systems do not have fine-grained permission models. You would have to develop it all yourself. And once someone is able to compromise your fancy sandbox (as has happened with browsers before) now they have free rein to kick everyone's sand castles over, because the underlying system has no way of preventing it from happening.