This honestly doesn't surprise me all that much. More than 10 years ago I had to dive into Chrome's WebRTC stack for interop and reverse-engineering purposes (at the time, the WebRTC specs were changing all the time, and were poorly documented). The code was <i>massive</i>; it turns out it's a fairly complicated protocol, and dealing with audio and video and handling sessions (even without including a signaling protocol) requires a lot of code (not to mention the use of the then-obscure DTLS security protocol on top of UDP). And that was 12 years ago; I'm sure WebRTC's surface area has only increased since then.<p>I assume Signal uses a different implementation, but I'm sadly not surprised there are security issues lurking inside it.<p>This bit at the beginning made me chuckle, though:<p>> <i>It’s another average Friday morning and my iPhone shows 705 unread Signal messages</i><p>I feel like I'm doing communications wrong... if I wake up and find 20 unread messages across all my chat apps, that's on the high side for me.