There has been a good deal of discussion about this vulnerability and while
much of it is very good, some of it has been a bit misleading. One
statement was that if you have a desktop installed that it's likely that
you have this package, and thus the vulnerability. Well, perhaps. On my
laptop, I have five different desktop packages, but the one I use most is
KDE Plasma. (On Manjaro: and I can run on either X11 or Wayland.). I print
with cups. I do not have the browsed package installed. I did not remove
it. It simply never installed. This implies that it is not a prerequisite
for requirement for anything else that I do have installed, including
cups.

For the record, someone outside the network cannot detect or reach my
printer on its internal IP address on my network. There is more than one
vulnerability in the world.

Your mileage may vary, depending on your distribution and the maintainer's
judgment.

I hope this helps.