It would be an undertaking of the magnitude of Linux itself. Not exactly that but as close to that as anything.
The first problem with web browsers as compared to any other software is they are bound to evolving, constantly changing web standards they don’t entirely control on their own but usually have input in. In addition to that in the age of Chrome they have to deal with constantly changing non-standards implemented by Chrome that are extensions of standards which they can either support or people jump ship because web designers implemented stuff using those non-standards and tell people to use Chrome or get lost. (This is by the way the old Microsoft EEE strategy of Embrace-Extend-Extinguish)
The second problem is web browsers are not -A- attack surface, they are -THE- attack surface. Security fixes for browsers, problems in standards, implementations of the standards, engines, etc far outstrip security problems with OSes. And whereas most OS security issues are “can wait” things because they rely on local access or being on the same network or running specific compromised software or using specially crafted malicious payloads, a bad security bug in a browser can result in zero-click compromise of the whole system without user interaction to say nothing of countless easily enough done social engineering user interaction compromise bugs.
In addition to just patching exploits and bugs you also have to invest in keeping up to date in security architecture, that is creating, testing, implementing the newest mechanisms to make sure your browser is reasonably safe compared to the one run by the trillion dollar monopoly. You also have to do the same in terms of tweaking things to keep things running quickly as your competitor is constantly optimizing to make things load more smoothly, videos to work better, web-video-conferencing to work better, etc. So you can’t just sit on an engine and just bug-fix or you won’t have a satisfactory user experience compared to competitors and things may even end up broken.
For both these reasons you can’t just develop at your own pace like you can with most FOSS. Not saying it can’t be done but it’s hardly as simple as pointing at GIMP or Blender and saying they’re FOSS and work well when they don’t have to deal with tons of fast evolving standards, changes in their environments and being internet-exposed to attackers. Web standards are ratified, you have to get them into your browser and working in a certain time-frame and that takes a lot of work and coordination. An exploit is discovered? You have to patch it within a certain time-frame. Chrome introduces something and it’s causing a bad experience for users of your browser? You have to figure it out and change things before too many of them jump ship because your browser is now seen as “slow” through no fault of your own but through malicious intent of the monopoly.
Web 3.0 is a brave new place. You can’t even read half the major websites these days (to say nothing of interacting, logging in, using forms, etc) without enabling javascript not just for the main webpage but for a CDN, another site or so which may be analytics, advertising, etc.
The fact is the modern web is being made hostile to users. Hostile to user choice. It is intentionally being designed around this and you can’t beat corporations into making healthy choices to support your FOSS browser and an open web.
I mean the real solution is revolution and a proletariat state that funds and supports a good single browser.
I also didn’t mention but one additional issue, the thing that dethroned and fucked Firefox is you need a way to push your browser to the people or you end up like Firefox with under 10% user share (and that’s from a browser that at one time people willingly flocked to and gave majority share from the poorly maintained monopoly of Internet Explorer). Chrome has google mail, google itself, chromebooks, android all pushing people to use it and integrate into their ecosystem. Apple’s Safari is so big because it’s default on Macs and iPhones. Edge has any share at all because it’s default on Windows and has lots of easy ways to manage corporate policies for corporations deploying Windows machines.
I think a FOSS effort could rescue Firefox for a while if it imploded but I just question the long-term viability as I think such a project would be increasingly locked out of web standards and slowly but surely falling behind and rotting from code debt. When you have things like Chromium out there that you can just strip the google stuff out while someone else (Google) maintains the engine itself and all the hard parts most people I think would in the end take that road of least resistance.