Not without a sandbox escape, at which point you often have more juicy targets without even getting to root (e.g., bank account credentials). The attack requires the ability to open a terminal device and do strange ioctls on it. Web browsers don't open terminal devices at all, so you are pretty unlikely to induce the browser to reuse parts of its code to do it; you'd need the ability to run arbitrary code.
