Chrome is designed to guarantee that web content never cohabitates in a process with chrome:// URLs. Unfortunately, in this case that code was buggy.

There's nothing fundamentally different about Chrome's approach here than what you are advocating.

At some level, these policies have to be implemented with code, and that code can have bugs.