you realize modern browsers have millions of lines and over a decade (or two!) of legacy code running that are under constant scrutiny by actors who spend all their time finding exploits in binary executables, right?
you realize your operating system also ships system updates on a regular, often daily basis, right?
"How is a security hole in the thing people use to do their banking a problem for the user?"
If you think it's just a matter of writing a completely fresh browser every few years to remove legacy code, then I invite you to do so and prove us all wrong. I'll be looking forward to it, along with all of the new security holes you open by using new, untested code all the time.
In the meantime, feel free to use an ESR version of whatever browser you prefer a slower update cycle while still being supported for any major security findings.
Why don't you run the update service? Or if you do, how does the few seconds it takes to apply the update really impact you? I never even realize it apparently updates so much as it doesn't nag or anything.