better than modern web browsers for sure. qemu guest escapes are mostly in rarely-used peripheral devices, most recently the floppy driver. for less-trusted guests you can simply disable such devices though.
if you say "but what about the defaults", look at the number of new web interfaces though: web audio, webgpu, webusb, webgl, html5 audio/video, several media decoding interfaces... all of them with new and exciting vulnerabilities, most can be disabled but enabled by default.
if you say "but what about the defaults", look at the number of new web interfaces though: web audio, webgpu, webusb, webgl, html5 audio/video, several media decoding interfaces... all of them with new and exciting vulnerabilities, most can be disabled but enabled by default.