Real world threats generally aren't exploiting process memory errors or whatever. Unless they're in the shadier parts of the web, users are unlikely to encounter such things even when they might exist. Spyware and adware threats on the other hand are ubiquitous and highly likely to be encountered by nearly everyone. A web browser that doesn't mitigate that is simply not fit for purpose. It's a table stakes security requirement.

Currently all the browsers are with ads by default. Not ideal but certainly most don't encounter spyware through ads, unless they're in some spam sites.