If you take their claim that they don’t use vulnerabilities in their products as true, then I don’t see a contradiction. If it isn’t true, then obviously there is a contradiction.
But your considering of all methods that enable fingerprinting as vulnerabilities is your own opinion. There are definitely measurable signals that are based on a user’s behavior, rather than data exposed by the browser itself.
But your considering of all methods that enable fingerprinting as vulnerabilities is your own opinion. There are definitely measurable signals that are based on a user’s behavior, rather than data exposed by the browser itself.