
Okay, except that... almost none of that is true? Desktop Linux started early enough that I don't think it could have NIH issues and has mostly iterated ever since; I grant that maybe it could have picked up something like GNUstep, but that's not obviously a good idea in hindsight and definitely wasn't at the time. And Linux is doing fine on security, is definitely behind on a11y but still has it, and mostly does cross-app communication through dbus. I will grant that resource control is underdeveloped (though I'm not aware of any other desktop OS doing it better?), and permissions only really became a thing recently with flatpak.


Linux is behind other OSs at this point in terms of desktop security and hardening; there are of course ever-evolving mitigations for things like memory safety issues, but everyone has that, and more broadly the standard Unix permission model in the single-user system, where every application has more-or-less unlimited access to everything else under your account, is very dated. In practice, given a random Linux dev installation, it's morally equivalent to a workstation where you only use root. Flatpak-on-everything is like the absolute bare minimum for a comparison to ChromeOS or Android if we're being honest, and still many apps aren't designed around supporting things like XDG Portals, so permissions are typically much more coarse-grained than necessary. Not to mention the general atrocity that is setuid.

You could beat all of this into submission but you'd end up rewriting a lot of stuff anyway, because those things need to be designed with it in mind (PulseAudio never had a concept of permissions and in practice you had to live with that until PipeWire was written from scratch.) The Linux desktop is a big project with a lot of stakeholders in various projects and many of these ideas only really came into the desktop realm in the past 15 years or so. This means progress is relatively slow all things considered, compared to something like Android or ChromeOS, with unified teams and top-down vision, which is why they have more or less completely replaced the entire Linux desktop in that same timeframe and even delivered on things it still doesn't have like HDR, per-application sandbox and permission models, etc.

I do think that in the server space, you can produce reasonably secure and trustable Linux systems based on available distros. But on the desktop, well, it's not so hot.



