It is way harder to exploit a machine through a properly sandboxed process. Sandboxing restricts the process's access to filesystem and network. On Linux for example seccomp can restrict the number of system calls the process can make which further reduces the attack surface greatly. So to exploit a OS vulnerability through a sandboxed process you also need to exploit a vulnerability in sandboxing itself. That's significant.