The Chromebook is super-limited, created mainly to just allow you to run Chrome. It’s not general purpose. There’s no support for operating other applications (apart from widgets that let you join WiFi). Also, there’s no local file storage. There’s no way to give to other executions because there’s nothing else to execute.
Windows is not like this. It’s created to let any user run any application that they want any time they want it, regardless if it’s good or bad. You can write it yourself, you can download it from the web, you can buy it shrink-wrapped in a store. Truthfully, the OS couldn’t care less. If it’s got the right bytecode, it’ll function.
Fortunately, there are ways to get a better grip on the control that stop users from screwing themselves over too much. In business settings, there are methods to lock things down so you can only run stuff that you can run, but that’s not the default. The default is: Good Luck! Here’s a gun, some bullets, and you already have a foot.
MacOS is wound a bit more firmly than that. Having roots in UNIX, the default security model is much less lenient and the OS defaults which have grown around that base over the years are quite conservative. Yes, you can construct, download, and run code. But for it to do any of a vast variety of things that would stop the security of the system, you have to give authorization in a very clear “No really, do you want this to happen, seriously?” kind of way.