Browser Sandbox
The OS-level isolation that stops a compromised web page from touching the rest of your system.
Every modern browser runs page rendering in a low-privilege process that can't read arbitrary files, launch programs or talk to other apps except through tightly controlled interfaces. If an attacker exploits a rendering bug, they land inside the sandbox and have to chain a second exploit to escape.
Sandboxing is why browsing malicious sites is far less dangerous than it used to be, and why sandbox-escape vulnerabilities are among the most valuable bugs on the market.
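The split between a restricted renderer and a privileged broker, as an added example in C that is not taken from any browser's code. It is a simplified model for Linux: RLIMIT_NOFILE stands in for the stronger OS mechanisms real browsers use, and the resource names, the OK/DENY replies and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Broker policy: the only resource names the renderer may request (constructed). */
static int broker_allows(const char *name) {
    return strcmp(name, "font:default") == 0 || strcmp(name, "cache:page1") == 0;
}

/* One request over the channel: 1 = granted, 0 = refused, -1 = channel error. */
static int ask_broker(int chan, const char *name) {
    char reply[8] = {0};
    if (write(chan, name, strlen(name) + 1) < 0) return -1;
    if (read(chan, reply, sizeof reply - 1) <= 0) return -1;
    return strcmp(reply, "OK") == 0;
}

/* Renderer. Bits: 1 = direct open() blocked, 2 = allowed request granted, 4 = other refused. */
static int renderer(int chan) {
    struct rlimit none = {0, 0};   /* stand-in restriction: no new descriptors */
    int bits = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) return 0;
    if (open("/etc/hosts", O_RDONLY) < 0 && errno == EMFILE) bits |= 1;
    if (ask_broker(chan, "font:default") == 1) bits |= 2;
    if (ask_broker(chan, "file:/etc/hosts") == 0) bits |= 4;
    return bits;
}

/* Broker (parent): fork the renderer, answer its two requests, return its bits. */
int run_sandbox_demo(void) {
    int sv[2], status = 0;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) { close(sv[0]); _exit(renderer(sv[1])); }
    close(sv[1]);
    for (int i = 0; i < 2; i++) {
        char req[64] = {0};
        if (read(sv[0], req, sizeof req - 1) <= 0) break;
        const char *ans = broker_allows(req) ? "OK" : "DENY";
        if (write(sv[0], ans, strlen(ans) + 1) < 0) break;
    }
    close(sv[0]);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return run_sandbox_demo() == 7 ? 0 : 1; }
```

The descriptor for the channel was opened before the restriction was applied, which is why the renderer can still use it; everything else has to pass the broker's allowlist.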
