In an ideal world you would be using multiple layers of isolation as well. Virtualbox being used in this way is merely one layer of isolation. Mandatory access controls are another sort of isolation that can be used for similar goals. jails style virtualization can also be used,application virtualization essentially. chroot also offers isolation. systrace is another isolation tool. You want the attacker who pwns your browser to have to go through as many additional isolation layers as possible before they can get your external IP address. Unfortunately isolation isn't perfect, I have heard of security critical chips that use 8 isolation layers being penetrated by skilled hackers.