How to encrypt your entire life in less than an hour
Quincy Larson

If you’re absolute about security, I’d use virtual machines that are torn down and rebuilt regularly:

One explicitly for banking and sensitive data needs that you dispose of tear down and rebuild often,

One for random browsing with no personally identifying data on it (that again, you can tear down and rebuild as and when needed

And one for emails and legitimate websites only (that is only browsing site that you know are legitimate due to their HTTPS certificate that you go on regularly).

And if you’re really scared, block all traffic accept for that which comes from your virtual machines.

(thus rendering your ‘real’ machine as an offline node)

And if you’re still worried hardware hijacking, you can disable hardware devices on a per VM machine basis.

Then you can use whatever browser you like on your ‘random browsing’ VM because even if it does get compromised, it has no identifying data on it, and it’ll be getting torn down (completely erased and re built) when your services run at midnight