While phones, tablets and Chromebooks don’t tend to see as many exploits due to the app ecosystem and generally locked down OS, they absolutely are exploited. Anything that receives uncontrolled data or where such data can be manipulated, is subject to potential exploitation.

This happens through text, chat and social media apps, browsers, USB and RF connections (wifi, Bluetooth, NFC) driver issues, etc. Exploiting at the user level (lots of stuff to do at this level), escalation of privilege to root/system/admin and there you go.