In enterprise yes, because people need to process attachments under time pressure, in a home environment I don't see this as an entrypoint.
Only case where I've worried at home is when previously legit (but not popular) websites have been hijacked - this has happened twice this year to me but per VT sites were clean - even though they had clearly been hijacked as there was porn instead of the product they sell. Maybe VT didn't find something that was there but in any case I think that's a valid risk for home users.
Still, as JS is turned off by default in my browser, it would need to be a really high end exploit to get through.
I used to run noscript and umatrix with firefox too but with Chrome something that breaks out of the browser is so rare I don't think it's worth the headache anymore.