It seems to me that this kind of sandboxing is required by many (all?) programs dealing with potentially hostile data. Web data, photo's, video's, mp3's, ISO's, ... are all potentially dangerous. Some attacks are just more common then others. So you'd like all desktop applications to defend themselves. Applications need a (kernel provided) way to create their own sandbox before touching untrusted data. Approaches like Chromium's seem like engineering around a kernel limitation.
If the kernel would provide a flexible mechanism for an application to limit what it can do, the threat of hostile data could be reduced. A combination of user level chroot ("This application doesn't need anything outside this directory.") and an allowed system call mask ("This application will only use these system calls, it doesn't need the rest.") should severely limit what an attacker can do.