There is another improvement coming before prompt that may (it will depend on the sandbox) also take care of many of the browser sandbox issues, as well as a few other uses of unprivileged user namespaces. On user namespace creation we will be able to transition the profile to a new profile with a reduced set of privileges. Having a catch-all profile that allows creation of user namespaces for a sandbox that doesn't need any elevated privileges but is instead just being used to achieve pid and uid separation.