The security implications if this goes mainstream is that you are expected to do this for all kinds of hardware.

Right now that isn't the case and I can't remember last the time I had to uninstall untrustworthy native drivers.

A lot to lose, very little to gain?

On macOS, I think I've installed device drivers exactly once in the last decade, and they were for a weird printer.

The nice thing about USB devices is that they don't need native drivers. Hardware that requires native drivers for USB is pretty rare, at least for many common cases (keyboard, mice, controllers, joysticks, printers, dacs, headsets, cameras, ..), and are easy to avoid.

What product categories exist where all entries only work (over USB) with native drivers?

why would you be using untrustworthy hardware to begin with?

Sounds like something that could have a standalone usb-driver-container or special chromium fork for the 0.00001% of users that need it instead of bloating every browser with yet another niche API and the inevitable security holes it will bring.

Doesn't linux have the drivers already?

That sounds like a Windows problem.

you do know microsoft OS 2.0 descriptors are a thing, right? or that you can force the unknown device to use WinUSB

but really most devices you want to interface to via webusb are CDC and DFU so.. problem solved?

You can have userspace drivers for usb devices in Linux