> The same logic could be applied to local software, which inevitably is also remote in origin.
One big difference is that one chooses to download the software and install it on a computer. In a browser, everything gets downloaded and executed automatically, including scripts. It's just a matter of opening or being redirected to a URL.
For the average user the two concepts are not so different. Most people wouldn't think twice about downloading an executable, just like they wouldn't think twice about clicking a link.
Which is why it's even more dangerous to browse the web with all receptors (features) enabled.
Add preloading of links on pages, and you have yourself a constant modifying environment (browser) which is controlled by third parties that don't first require a permission dialog.
So, this is much unsafer than consciously running an executable you've downloaded.
You have to give it permission to use USB, though. The USB functionality might also be something included in software you downloaded for another purpose, without your knowledge.
One big difference is that one chooses to download the software and install it on a computer. In a browser, everything gets downloaded and executed automatically, including scripts. It's just a matter of opening or being redirected to a URL.