Bottom line is friends don't let friends run critical workloads without virtualization or containers, or other means of isolation/sandboxing.
Agree.

If you are running "critical workloads" on a desktop install, you deserve what you get.

If you allow your browser to run code from other people outside some sort of constraint system, outside display-only tags, I think you are fool. Most of the world doesn't know any better. We do.

Friends shouldn't allow other friends to run their browsers in a careless way.
Friends shouldn't allow other friends to run their fat email clients in a careless way.
Friends shouldn't allow other friends to use cloudy services, unless they completely understand the privacy they are giving up.
Cloud computing is careless computing.
- RMS https://www.theguardian.com/technolo...chard.stallman
and
The concept of using web-based programs like Google's Gmail is "worse than stupidity", according to a leading advocate of free software.
People who allow others to run code on their local machines aren't too bright. Allowing webRTC or javascript to run inside a browser from untrusted servers is pretty stupid. If they can't gain local access, then they can't use a local escalation. Seems pretty obvious. Sadly, many new admins think that just because something works, their job is done. Hardly.