Remote code execution vulns are still routinely discovered, for example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4199...

Trust me when I say randos aren’t dropping modern 0days on restaurant menus. Not when a novel attack can fetch millions through brokers.

Not only do I agree with you, but I don’t think anyone would be able to tell an attack was imminent if they were to see the URL anyway. I was just providing facts to the comment above that didn’t seem to think RCE are a thing anymore.

Makes sense, my phrasing was poor I should have made that a more general statement not directed at you necessarily. I think the average techy has through some combination of general news like this and just enough technical know how formed an unrealistic threat model for themselves.

> the average techy has through some combination of general news like this and just enough technical know how formed an unrealistic threat model for themselves.

amen :)

I've never heard of this domain before, so I shouldn't click on it because vulnerabilities in the browser are still routinely discovered.

Sorry for the sarcasm, but if you trust clicking on links in a browser, QR codes should be fine as well.

Yeah, if your threat model involves not trusting links, you should be disabling JavaScript and CSS by default and probably not browsing the web in the first place. Libpng and other libraries frequently have fairly critical bugs that are a bigger concern than MitM attacks.