David Bombal: Why GrapheneOS is Almost Impossible to Crack (Forensic Teams Have Tried)


Note that a lot of vulnerabilities in the Kernel+Drivers / OS that totally pwn everything still stem from code written in memory-unsafe languages, C/C++, of which there's a LOT in AOSP. Good thing Google's on a multi-year effort to move critical subsystems / privileged code to Rust, on the back of already heavily compartmentalizing (since Android 6+) existing subsystems (with the help of other major OEMs like Samsung) in the wake of vulns like StageFright.

A key element of the security that GrapheneOS offers to the userspace is anchored in existing trust in the silicon vendors (variety) + the OEM (which is Google) via Verified Boot: that is to say, the attacks on GrapheneOS devices will escalate now, and could possibly involve compromise at the factory line, even. Governments, of course, can pass resolutions mandating "backdoors", secretly or openly.

That said, the beauty of GrapheneOS the way Daniel Micay runs it is, security is king, non-negotiable, top-most priority item, and a promise. Google may or may not enable or implement features that they should (rightly so; they're building AOSP as a platform for other OEMs and Pixel as a product for the Google Apps, Search, & Ads mothership), but Micay doesn't flinch one bit, even in the face of so much adversity (Google Play Integrity, as one example). The project members are also very vocal and relentless advocates of proper security & privacy practices. Glad to know that Cellebrite couldn't get past GrapheneOS (especially in the BFU state), but this arms race doesn't end here and definitely not with GrapheneOS.

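The post above points at memory-unsafe media parsing (StageFright lived in libstagefright, which parsed MP4 files) as the class of bug Google's Rust migration is meant to kill. As an added example, not code from the thread, from AOSP or from GrapheneOS, here is a minimal parser for the ISO BMFF / MP4 "box" layout (4-byte big-endian size, 4-byte type, payload) written the way safe Rust forces you to: every slice access is bounds-checked, so an attacker-supplied size that runs past the buffer becomes an `Err`, where the equivalent C `memcpy(dst, p + 8, size - 8)` reads out of bounds. The sample bytes are constructed for the example, and the parser deliberately ignores the 64-bit `size == 1` extended-size form and `size == 0` (box extends to end of file) to keep the point visible.

```rust
// Added example (not from the thread): bounds-checked parsing of MP4-style
// boxes. Header = 4-byte big-endian size (including the header) + 4-byte type.

#[derive(Debug, PartialEq)]
pub struct MediaBox<'a> {
    pub kind: [u8; 4],
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Header is incomplete, or the declared size runs past the end of the input.
    Truncated,
    /// Declared size is smaller than the 8-byte header itself.
    BadSize(u32),
}

/// Parse one box and return it together with the unconsumed remainder.
pub fn parse_box(input: &[u8]) -> Result<(MediaBox<'_>, &[u8]), ParseError> {
    // .get() returns None instead of panicking or reading past the buffer.
    let header = input.get(..8).ok_or(ParseError::Truncated)?;
    let size = u32::from_be_bytes([header[0], header[1], header[2], header[3]]);
    let kind = [header[4], header[5], header[6], header[7]];
    if size < 8 {
        // A size below 8 would make `size - 8` wrap in C; reject it explicitly.
        return Err(ParseError::BadSize(size));
    }
    let end = size as usize;
    // Attacker-controlled `end` larger than input.len() yields None here.
    let payload = input.get(8..end).ok_or(ParseError::Truncated)?;
    Ok((MediaBox { kind, payload }, &input[end..]))
}

/// Parse consecutive boxes until the input is exhausted.
pub fn parse_all(mut input: &[u8]) -> Result<Vec<MediaBox<'_>>, ParseError> {
    let mut boxes = Vec::new();
    while !input.is_empty() {
        let (b, rest) = parse_box(input)?;
        boxes.push(b);
        input = rest;
    }
    Ok(boxes)
}

/// Constructed sample: an "ftyp" box with a 4-byte payload, then an empty "free" box.
pub fn well_formed_sample() -> Vec<u8> {
    let mut v = Vec::new();
    v.extend_from_slice(&12u32.to_be_bytes());
    v.extend_from_slice(b"ftyp");
    v.extend_from_slice(b"isom");
    v.extend_from_slice(&8u32.to_be_bytes());
    v.extend_from_slice(b"free");
    v
}

/// Constructed sample: an "mdat" box claiming 2 GiB with only 4 payload bytes present.
pub fn oversized_sample() -> Vec<u8> {
    let mut v = Vec::new();
    v.extend_from_slice(&0x8000_0000u32.to_be_bytes());
    v.extend_from_slice(b"mdat");
    v.extend_from_slice(b"\x00\x01\x02\x03");
    v
}

fn main() {
    println!("well-formed: {:?}", parse_all(&well_formed_sample()));
    println!("oversized:   {:?}", parse_all(&oversized_sample()));
}
```

The interesting line is `input.get(8..end)`: the declared size is used as an index only through an API that cannot return a slice outside the buffer, so the worst an oversized or wrapped size can do is fail the parse. That is the property the C code never had by construction and had to get right by hand at every call site.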

See also the recent Google Security blogpost, Rust in Android: move fast and fix things.
