Then assume that the browsers all have security vulns that are available to anyone who is willing to look for them. Because they do.
If the assumption is that all Internet-facing applications have vulnerabilities that can be exploited to take full administrative control of a computer, what is the mitigation other than abstaining from the Internet?
Correct. It's an old, old saying, "The only secure computer on the network is the one not on the network." Taken another way, "The only secure computer is the one not powered on!" It's an unfortunate truth that we all must come to grips with. We do our best to make the computer less desirable a target on the network, but the only way to be completely secure is to not be on the network. The CIA knows this, the NSA knows this, and I am sure that intelligence agencies the world over have two computers on their desks; one on the internal/secure network and one on the Internet. We as IT professionals know more about the hazards and pitfalls than the average netizen, but we're no match for a skilled intruder that desparately wants something on one of our systems. We accept that fact and is why we do everything we can to make the intruder's job more difficult, but we also have a schedule of regular backups and a plan to deal with the intrusion after the fact. That's one of the reasons why we're professionals.
The only reasonable thing is to block all ads if you don't want to get hit by an exploit.
Now define "all ads" in a way that allows a machine to correctly determine what is a non-ad. Is a can of Pepsi in a movie an "ad"?
Now you're being silly in order to deflect a weak argument shored up with a false equivalency. A Pepsi can in a movie is NOT the same thing as a web page ad (the topic of discussion). If you didn't know that web page ads were what the GP meant, then you're either very slow or purposefully being an ass. I block ads with ABP and NoScript. I rarely--if ever these days--see ads on web pages unless I am browsing somewhere other than my desktop machine.
As an aside, I'd bet there would be good money in developing a piece of software that would block product placements in video automatically. Right now it's done manually. Would require a lot of image recognition training, but could net someone a lot of money.