https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Citizen Lab said Blastpass was discovered on the device of an employee with “a Washington DC-based civil society organization” and that it could be mitigated by Apple’s Lockdown Mode. An investigation into the exploit chain continues, but researchers said it involved “PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.”

Edit:

Fuck my reading skill (or fuck articles listing multiple high profile CVEs)…
Blastpass is not the same libwebp CVE (blastpass, the iMessage thing, is CVE-2023-41064. libwebp is CVE-2023-4863 - although that is the chrome one, despite this affecting libwebp not chrome).

I think the whole situation is very rapidly being researched and it’s all developing.
So, no idea if lockdown mode would have any effect