Most major browsers, including Edge and Chrome, do this and are really good at it.

> closely monitor your deps for vulnerabilities and ship patches as quickly as possible

Most major browsers do this too, and they have well-established update pipelines that can patch vulnerabilities in short order.

> choose deps with a better security track record, when possible

Most major browsers do this (e.g., "boringssl").

> independently scan, test, and validate the deps you bring in

Most major browsers do this as part of QA and vulnerability scanning.

> things you can do in an Electron app:
> * pray

* leverage all of the work that thousands at Microsoft, Google, Mozilla, etc., put into deploying what I suspect are the most heavily-attacked, heavily-scrutinized, and heavily-audited software platforms in existence.

Not that I'm specifically advocating web apps over native apps, but I don't think your list does a good job outlining their advantages.

* run rendering in a sandbox
* closely monitor your deps for vulnerabilities and ship patches as quickly as possible
* choose deps with a better security track record, when possible
* independently scan, test, and validate the deps you bring in

things you can do in an Electron app:
* pray