To my knowledge, there is no actual evidence to show that browsers are significantly better on security. The major ones all fix critical vulnerabilities regularly, it just doesn't get as widely publicised. (Don't believe me? Go check the changelogs for recent releases of your browser of choice.) Moreover, if browsers do start to offer all the same functionality as Flash but natively, they'll also increase their attack surface accordingly. Of course if you compare a browser against the same browser with a plugin then the second combination has a larger attack surface, but right now that is an apples-to-oranges comparison.
If we want to talk about attack surface Flash is a bit of an issue. Individual browsers these days have issues more often than Flash, as you've pointed out. However, the install base of Flash is greater than that of any individual browser. Therefore, a problem with Flash is a big fucking deal, as it effects many more people than say, a problem in Firefox. Adobe should handle the EOL of Flash more responsibly, by either presenting a framework for transition or open sourcing Flash so somebody else can do it. As it stands, Adobe is the only entity able to fix a bug found in Flash and all tools for converting Flash content to modern standards (AFIAK) are based on a black-box understanding of how Flash works.