Genode and Sculpt actually go a long way towards abstracting away the complexity.
It took serious effort to get to such easy to use components and such high level abstractions of capabilities.
Running a modern webbrowser perfectly caged with the capabilities it needs (and no more) is quite the feat they achieved. It even has hardware graphics acceleration.
I imagine the hardware can't DMA all over RAM thanks to iommu, and the driver can only talk to its associated hardware.
Past that (textures being visible from the wrong process, gpu memory being reusable without clearing), I have no idea, and I would love to learn more about.
As long as acceleration is not involved, nitpicker does an excellent job of isolating applications that are "sharing the desktop", and preventing many dark patterns. AIUI it predates Genode, but people who were involved in it from its earlier times are now part of Genode.
It took serious effort to get to such easy to use components and such high level abstractions of capabilities.
Running a modern webbrowser perfectly caged with the capabilities it needs (and no more) is quite the feat they achieved. It even has hardware graphics acceleration.