[derkades]

An exploit that achieves remote code execution just by a browser performing an HTTP request (for example a malicious ad) would be considered a zero-click exploit.

[rosndo]

But then most exploits that involve sending links would also be zero-click, just not deployed in that manner.

I think this just goes to show how silly this new terminology is.