Hello and welcome.
First, clearly define "sandbox." Because if you mean "prevent any application I want to run from being able to discover anything about any other running process, its memory contents,, or any storage not dedicated to the application" you will spend a great deal of time attempting this level of isolation. OpenBSD does not provide this directly, except through pledge(2) and unveil(2), system calls which must be integrated into each application.
You mentioned chromium. This application has been ported to use pledge() and unveil(). So this particular browser is prevented from performance system calls outside of a restricted set, and it is storage-isolated.
Most third party packages do not have these two security features, as the integration effort can be significant.
(Several years ago, I added pledge() restrictions to the p7zip archive utility. It required weeks of effort and the aid of multiple developers, as the application's source code was undocumented, filled with recursive #ifdefs, and each code path had to be traced separately.)
Other security features are available that require applications to be designed from the ground up or a complete redesign to use, such as W^X. And futher still, there are security technologies that are design functions only, and don't use "OS features," such as privilege separation.
Lastly, vmm(4) is a hypervisor, using hardware virtualization features of select Intel and AMD processors. This permits the use of virtual machines for various categories of isolation. I've used these for labs, for building of -stable packages on -curren machines, for staging of production servers, etc.
If you're interested in Flash, you've come to the wrong OS.