
To be fair, a level 5 self-driving car failing is much more catastrophic than a browser being hijacked. But I generally agree with your sentiment.

Unfortunately the only way to find these modes of failure is to have them actually fail. It's impossible to design and release an error free system without real world usage from real people.

It doesn't mean we should just give up and go back to HTML1 though. It just means exploits should be fixed as soon as possible to minimize damage.



And tbh, our browsers today are remarkably secure compared to before. It used to be just common advice to never open weird emails or click weird links, not because they would try to trick you into handing over info, but because it was realistic that simply clicking the link or opening the email would immediately rootkit your computer. These days unless you are a government most wanted or using a very old system, you are pretty safe.

We used to have school kids coming up with highly privileged attacks on systems to it becoming something the top minds spend months on and get paid 6 figures per discovery for.


Excellent perspective, thanks for the positive and factual viewpoint


There is no need to fall back to HTML1. Before HTML5 and even before HTML4, there was a web markup language that was much more powerful than HTML1, was widely deployed and used, did everything we needed, and worked fine. It was called HTML3 and it was great. That is where we should be right now.


You might be wearing rose colored glasses here...

The old web I remember had exploits from flash, java applets, active-x, shockwave, other sketchy plugins people willingly downloaded to access sites, and poorly sandboxed javascript that could take control of your browser window to resize, move, and spam as many popups as it wanted among other worse things. And downloaded "toolbars", https being rarely used, etc.

Even ad blockers and other "power user" extensions (if your browser even offered that) were extremely primitive. etc.

There were websites that could execute user land code through exploits just by visiting a website depending on your browser. And that wasn't uncommon.

It would be completely insane if that was still the case today. But we fixed those issues and evolved.

OP's post shows a major issue obviously. But I would absolutely turn off the entire api with a forced update until it was fixed if I had the power to.

But these sorts of exploits happened back in the day to a worse degree with HTML3 + 4 (can't speak for 1 or 2 though, maybe someone can chime in).

Viewing the bigger picture, the web is way more secure now than back then. And exploits like these are much more rare now.


Maybe if vendors were more open to allowing third-party applications on their platform, people wouldn't be so motivated to increase the capabilities of the web. Instead, app distribution has turned into a living nightmare, so it's unsurprising to see the web evolved into the monster it is today.



