Hacker News

> Native apps can do literally anything.

That's just as much a downside as an upside. You're putting a lot of trust in a native app that you aren't putting in a website.




What about sandboxed native apps? If the browser can do it, why can't native apps do it as well?


It's much harder than it looks. I've investigated all this very deeply and should really write a blog post about it.


A blog post would be awesome; I haven't done a massive deep-dive. (And no pressure if you end up not writing it.)


The gist is that native sandboxing is a mess of undocumented APIs, very different approaches between operating systems, one-size-fits-all policies, kernels are full of bugs, the whole setup is a nightmare to debug and, to top it off, there are no useful cross-platform abstractions. Not even Chrome has one; beyond Mojo the sandbox is a pile of special cases and platform-specific code all over the codebase.


We have sandboxing technology on every modern operating system.



