I disagree and I think that some of these things are some problems.

Forcing HTTPS was not really the best idea (and HSTS is bad for other reasons too). Let's Encrypt is a way to get a certificate easily in case you do want or need HTTPS, although it does lead to problems, such as some businesses will have certificates that do not contain the identification their address and that stuff, and some more problems. In addition, I think the design of Let's Encrypt automated certificates is not very good either.

I had not known what is Project Zero, but Wikipedia says they find vulnerabilities and documenting them so that you can defend against it, and this is helpful.

The authentication standards they made up aren't that good either. If you already have HTTPS, then you can use client certificates, which has many benefits and some more security compared with many of the other methods being used (e.g. TOTP) as well as not needing JavaScripts and cookies and that stuff.

V8 is not bad, but the designs that need this much speed (not only V8 but also HTTP/3 etc) means the design is probably already excessive. Making or using a browser should not require this for everything.

HTML5 has some good ideas as well as some bad ones, and so do the other web standards. But older versions have their own problems too. I also think they put too many things in the document and the script and styles in the document, that should better belong in separate user settings.

I also think that believing that JSON and Unicode and that stuff that they use, are not really that good either. (I think DER is better than JSON in many ways, anyways)