I'm confused why it's specious? Sounds like "compromised browser stopped being compliant with FIDO spec, hence the exploit does not exist", now that's quite a specious claim.