Chrome is the one running any x86 binary the website presents it with, only trying to run a static verification that it won't do anything evil.
Chrome is far more at risk of pwning you (and NaCl sandbox breakouts have been quite common).
Point is, Chrome falls every year at Pwn2Own just like every other browser, but only Firefox has been excluded because it's too easy.
Any website can run NaCl code, you realize that? Even TIDAL uses it on its site for native playback.
Even pages only accessed over HTTP.
Chrome is the one running any x86 binary the website presents it with, only trying to run a static verification that it won't do anything evil.
Chrome is far more at risk of pwning you (and NaCl sandbox breakouts have been quite common).