So. Does this methodology mean someone can surreptitiously boot up a Linux VM running Wireguard in your browser and be inside your firewall via chrome.sockets API?
No? It's still a web page. And the chrome socket API was deprecated and removed for everyone except ChromeOS users in certain cases. The closest you can get is installing a Chrome extension that exposes sockets, but if someone is able to do that, they don't need the browser for help.
Moreover, you don't even need Linux and Wireguard. WebRTC accomplishes p2p encrypted traffic without libraries.
You don’t need a VM. Do what Netbird does. Compile wireguard-go to WASM and you’re g2g
https://docs.netbird.io/about-netbird/browser-client-archite...