You can run browser inside sandbox all the time. You'll just need to run it outside the sandbox when updating. And even that isn't strictly needed if you use only avast! all the time.
An example of needing to update when surfing is there is a need to bookmark or add favorites when not in sandbox mode. If this is updated when in sandbox, then the new url will be lost when the browser is closed
OR a new version of Chrome or Firefox is available and then running the update for that while sandboxed would result in the same outcome.
TBH, the only time I ever run a sandboxed browser unsandboxed is only for the two instances above.
I can, and have, run into a situation where a well-known and reputable site is reported to be infected by Avast!, and since I never know when that might happen, I always run the browser sandboxed. Sandboxing also prevents unwanted changes to the browser, one such as having a possibly unwanted browser search engine installed via a drive-by infection or worse.
Smart thinking says to prevent issues where one can, and sandboxing is one of the ways to do so. Active prevention is key. That way one does not have to deal with any malicious issues should any pop up when sandboxed. All that is required is to delete all data left in the sandbox after the browser instance is closed and the browser should then show that it is unaffected when run again.