Containerizing - or sandboxing, two different concepts - helps in letting that ransomware stay inside the sandbox, minifying the threat to only that one program.
Additionally, the weakest link being someone uninformed on basic Cybersecurity is not the fault of a Sandbox.
Although, Android's Sandbox is far from the strongest. It works by cleverly using Linux's user and groups system, limiting each app to its own user and giving that user only very specific permissions, as well as some things implemented in the Android Runtime / ART; although this is sometimes not sufficient.
However, I have heard rumours of Google wanting to implement a proper Hypervisor, essentially introducing virtualization-based security to Android in the future.
I don't believe that just linking CVEs that are unrelated to sandboxing in and of itself and are all fixed and don't go any further than 2017 - over 5 years ago - is really making a good point for you. Unlike other historical comparisons in different contexts, CVEs are bugs in software that can be exploited and are to be fixed, although lots of these may go unnoticed with or without Sandboxing. It really doesn't fit the point.
I come from the Android world with that term, so pardon me for linguistic differences. Here we differentiate between a Soft Brick and Hard Brick. The former being a brick that renders the device unusable, but can be fixed. The latter presents a failure so bad that it is beyond repair. I didn't notice people from outside the Android world used the word "brick" differently.
Although to explain what happened (or at least, what I've understood from it), Steam required a newer version of a dependency that was included in the pop-desktop metapackage. Because Linus hadn't yet updated his system, trying to install the steam .deb package tried to pull in a newer version of said dependency. Instead of apt marking the pop-desktop package for an upgrade too, it decided that removing it was the way to go as it "conflicted" with the newer version of said dependency. Although Linus had to write out a full sentence as confirmation ("Yes, do as I say") he still ended up soft-bricking the system, rendering it unusable for its intended use case.
It was truly a sight to behold, although the Debian developers have since patched this up and made it harder to remove essential packages.