This system goes at least 2 layers deeper. The system itself makes sure that each window has its own desktop environment and can't see the others. Hardware takes care of the separation between the security containers the apps are running in. Protection of the app itself is just the first line of defence and is not going away, so whatever sandboxing exists in the browser still applies.
They are also talking about protecting hardware sharing from being used to cross boundaries, which is another layer of paranoia (not unwarranted).