I understand and appreciate the work Project Zero does; it makes us all safer when these bugs are found and fixed. It just seems like the only Project Zero blog posts that make the front page are aimed at Microsoft or Apple.
"We’re not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers"
You can also see in the DOM fuzzing blog post this page links to (https://googleprojectzero.blogspot.com/2017/09/the-great-dom...) that they fuzzed Chrome as well and found bugs.
But they really just don't publish that many blog posts in the relative scheme of things, relative to the number of issues they find/report.
They find and report (publicly) plenty of Google product issues.
So I'm not sure you can really draw anything just from the small sample of blog posts they do write.
(i.e., Google bugs have the same disclosure rules/timelines/etc.)
With finite engineering resources, there's always a tradeoff between maintaining backwards compatibility and making forward progress. I think SMIL would be something better left behind.