If I were wanting do do secure tor browsing, I would use a liveUSB of ubuntu, running virtualbox, running vmware, running tor. On the host ubuntu, I would run a 2nd instance of virtualbox, running vmware, running Chrome.
Networking will be set up so the Chrome inner VM can ssh to the tor VM. The tor VM can access only some whitelisted tor nodes.
Now an adversary that uses a Chrome exploit needs to break out of Windows and 2 layers of VM's before they get to my host. Breaking out of a VM is fairly doable, but breaking out of two will require lots of zero-days chained together (expensive).
It's a bit more secure if you use a proper write once DVD as well to read the live cd. It's a bit slower to boot but the best way to prevent persistence is always to make it virtually physically impossible by not having any physical storage mediums connected
Honestly, if this is a serious concern and you're already willing to go to all the other trouble, you may as well do your most sensitive Internet browsing from your car, connecting only to public WiFi in parking lots, in cities you don't actually live in, and never stay connected for more than a few hours at at time. Or take a hint from history's most secure criminals and don't do any of this yourself at all. Use paid underlings who fear you more than they fear prison and are willing to do time rather than rat you out.
Networking will be set up so the Chrome inner VM can ssh to the tor VM. The tor VM can access only some whitelisted tor nodes.
Now an adversary that uses a Chrome exploit needs to break out of Windows and 2 layers of VM's before they get to my host. Breaking out of a VM is fairly doable, but breaking out of two will require lots of zero-days chained together (expensive).
Same if they find an exploit in tor.