Much more common than when it is not involved. While it would work on a vulnerable Tor Browser in Whonix, a further total compromise would need exploit chaining to break out of the hypervisor.
Exploits are used with a variety of intentions and to target people sometimes indiscriminately. So assuming one is not doing XYZ and therefore safe is a false sense of security.
Who knows what other hardware level bugs are out there? JS exploits are definitely a bridgehead on people’s machines that open the door to more powerful attacks.