I think it’s debatable whether RAII should be called “memory management”. Whether dealing with Rust or modern C++, you don’t need to “manage” the memory beyond specifying a container that will determine its lifecycle behavior, and then you just let it drop.
You could certainly choose to manage it more granularly than that in Rust or C++, but in the vast majority of cases that would be considered bad practice.
That’s a qualitatively different user experience than C or pre-2011 boostless C++ where you actually need to explicitly delete all your heap allocations and manually keep track of which pointers are still valid. Lumping both under “memory management” makes the term so broad that it almost loses its significance.
Probably the most important thing is keeping up with security fixes. I’m not an expert in web security, but my impression is that there’s a never-ending cat and mouse game between hackers and browser developers to find or patch exploits. And since browsers play such an important role in the activity of hundreds of millions… billions?.. of consumers, it has the largest possible attack surface for hackers to target.
Then there’s things like better support for web assembly (how I would love the web dev world to break the JavaScript hegemony), and the constantly shifting web standards that are meant to make websites more capable, easier to program, and more performant. E.g. things like websockets and WebRTC.