Per-site process isolation is a powerful security feature that seeks to limit exposure of a malicious website/script abusing a security vulnerability.
Firefox calls per-site process isolation Fission and is enabled by default on desktop. Fission is not yet enabled by default on Android, and when manually enabled it results in a severely degraded/broken experience. Furthermore Firefox on Android does not take advantage of Android's isolatedProcess flag for completely confining application services.
Standalone Chromium based browsers strictly isolate websites to their own process.

The lack of per-site process isolation means a successful exploit is likely able to gain more access (to other site data/browser settings/passwords) without needing a second exploit. It would still need an Android system/kernel exploit to further escape the system sandbox. It is an important hardening feature, but the browser isn't completely insecure without it assuming it is up-to-date and that you aren't on the receiving end of targeted/zero-day attacks. Furthermore (in Chromium) with isolated renderer processes there is still some inherent attack surface of the main process that can allow a single exploit, just like in Firefox.

The goal of per-site data isolation is to prevent say a third party script from being able to store data and use that to track you across many websites, instead any data set will be keyed to the website it was set from. This concept is further detailed here.
Firefox calls per-site data isolation `dynamic first party isolation` (dFPI). Firefox and Focus enable dFPI by default.
Chromium calls per-site data isolation (network) state partitioning and is not enabled by default.