Web pages don't have access to file:///, so you're good. Pages can request local files via the File System api with your permission and interaction. But, even then, it's done in a safe way without leaking paths.

In short, browsers got your covered.