You've fallen for the propaganda. "remotely ownable" is only true if you do things like visit sites with JS enabled by default, which is what has been the case with true PCs for a long time.
There's a whole community keeping these devices alive, I trust them far more than Big G.
The... propaganda? PoC exploits demonstrating full device takeover by sending an image file are propaganda? What would a real security vulnerability that's not propaganda look like?
libwebp, a Google-originated format... how convenient.
via a crafted HTML page
Don't forget that the majority if not all exploits will use something like JS to obfuscate their existence and frustrate analysis.
Also remember the famous sayings "Those who give up freedom for security deserve neither" and "Live free or die". Accepting the insecurity, because freedom cannot exist without it, is also important.
No, really. I asked a specific question. What would a vulnerability that's not propaganda look like? Please explain how to distinguish between propaganda and non-popaganda vulnerabilities. I need to be able to distinguish between them for myself.
There's a whole community keeping these devices alive, I trust them far more than Big G.