ChromeOS threat model: After a remote code execution exploit in some Chrome process + chained sandbox breakout exploit + chained privilege escalation to root/kernel mode, the user should be safe again after rebooting the device.
I don't understand what you're suggesting. ChromeOS has an extensively documented threat model and it is, quite unarguably, vastly more intimate and well defined than any comparable desktop solution in the FOSS world. ChromeOS also has tighter distribution and product requirements for official devices, which helps it even further, even compared to something like Android, because OEMs can't shit it up so easily, e.g. longer security lifecycle, open bootloaders, mandatory hardware for verified/secure boot, etc.