[jka]

It looks like this was shortly preceded by https://bugs.chromium.org/p/project-zero/issues/detail?id=19... which was an exploration of the fact that making a call induces RTP data processing on a recipient device during a call, prior to the recipient answering.

That 'seems' innocuous (and both Signal and WebRTC had reasonable arguments around expecting that behaviour) but this follow-up exploit looks more serious, and the researcher is correct to note how an expanded attack surface can lead to problems like this :/