Uhm...all major browsers have a long history of remote code execution bugs, and almost certainly still have remote code execution bugs that aren't publicly known yet.
Heck, even if we just consider databases, the IndexedDB implementations in both Firefox and Chrome have had remote memory corruption bugs of the type that are often exploitable for remote code execution, although I don't know if anyone ever actually built such an exploit.
They all have different remote code execution bugs so those bugs can and should be fixed. The reason to not standardise on a specific single implementation is to make sure those bugs do not become part of the web platform
Heck, even if we just consider databases, the IndexedDB implementations in both Firefox and Chrome have had remote memory corruption bugs of the type that are often exploitable for remote code execution, although I don't know if anyone ever actually built such an exploit.