It boils downs to any "app" which tries to display a "html" from the web is vulnerable to been hijacked. And the author has nothing to do with it.
Generally a program uses "object" in the code which uses some dll to show, say IE window in the program itself. Since the main browser Edge, Firefox extra is not called but a scale down version of an old library, so the vulnerability increases.
Only solution looks like not to use the "in window html display" but call the default browser.