That's actually the point of a sandbox. Code has bugs, so you sandbox it.
Now, the sandbox is also code, but to my understanding it's fewer LoC than what you are sandboxing. As bug rate per LoC is a fairly stable value, reducing LoC reduces total bug count. Ergo, by wrapping a large complex program with many LoC inside a small sandboxing function, you increase security (though it is not perfect, it still will have SOME bugs).
The amount of unsandboxed code in Chromium is not a whole lot smaller (if at all) than the amount of sandboxed code on a lines-of-code basis. The advantage of sandboxing is that most of the code that directly interacts with content (the rendering engine) is prevented from directly performing malicious actions, assuming the sandbox is secure.