It depends on the model of the computer. I have personally librebooted a t440p thinkpad and although perhaps a usb controller can be reprogrammed. Id fine that highly unlikely, i had to buy a specific programmer, then realized the kind people on the libre boot form recommended a raspberry pi to program the ROM chips on the thinkpad. I then had to deconstruct the thinkpad to get acess to the 2 chips on the motherboard housing 2 firmwares. For the BIOs, i believe that it is highly unprobable for a usb port to re-program a usb HID device like a keyboard, mouse or camera. There a specific chips that are ESP programmers they are designed in a very particular way and exclusively are for programing and reading. Most chips are read only chips on USB devices for long jevity. And technically you can reprogram them, however you need an ESP programmer to connect to them and flash. And lets say theoretically you reprogram them with malware, it would be extremely hard to guess the manufacture of the usb controller chip as well as the layout of what pin does what. It was very complex to program an bios chip and certain models of computers have multible chip for certain things like firmware blobs. I think the artical is highly theoretical and never showed any real exploits being used in the wild. Im not an electronics engineer or anything but from what i know about playing with libre boot and arduinos it sounds unrealistic like 1995s hackers/watch dogs to reprogram usb bus’s with a built in usb bus.

i mean there’s a possibility of malware hiding in usb peripherals since they have flash, and for thinkpads I think the camera, touchpad, smartcard reader are usually usb. If they hypothetically acted as usb mice/keyboards/network adapters/display devices, they could possibly infect your system ig