You decide what to put into the green and safest area etc. the division is done by VM's. Your data could still be compromised if you have a faulty browser but the attackers will only gain access to that limited ("red") area.
The environment is KDE or Xfce and you can have windows from all "areas" open - they will have a green or red or yellow frame indicating their security level, so it is easy to check the security level of your Apps.
Updates are handled centrally so your workflow does not get much more complicated.