Browsers don't really need access to your entire filesystem. That's why I started to firejail them.
Firejail usually has built-in profiles for browsers, so I'm not going to cover that here.
Always appending firejail to your browser is really annoying, and when it's called from other programs without firejail, it can be problematic.
Always run a browser under firejail with the following command:
sudo ln -s /usr/bin/firejail /usr/local/bin/brave-browser
And you're set.
