[rosndo]

> A non zero click vulnerability can be mitigated by being cautious. A zero click vulnerability cannot.

No amount of caution will save you when the exploit is injected into a major website.

Why bother with such meaningless distinction? Does your browser never hit any http:// resources?

[derkades]

An exploit that achieves remote code execution just by a browser performing an HTTP request (for example a malicious ad) would be considered a zero-click exploit.

[rosndo]

But then most exploits that involve sending links would also be zero-click, just not deployed in that manner.

I think this just goes to show how silly this new terminology is.