Apple has just released macOS 10.13.4 Security Update 2018-001, which fixes two vulnerabilities in Crash Reporter and the handling of URLs in text messages. Despite those apparently minor fixes, it is 1 GB in size, and available for High Sierra only, through the App Store.
Safari 11.1 is available as an update from the App Store for El Capitan, Sierra, and High Sierra, and contains two security fixes to WebKit, to improve handling of crafted web content.
A standalone version of the update is now available from Apple. This is oddly named as a Supplemental rather than Security update, which is perhaps more appropriate given its extent.
High Sierra Security Update 2018-001 does, as I suspected, contain a great deal more than fixes for those two vulnerabilities, plus Safari 11.1. It is, in effect, macOS 10.13.4.1. Among the system tools updated are Apple RAID Utility, System Image Utility, and SetupAssistant.
A huge number of Extensions (KEXTs) are replaced, including apfs.kext, although the APFS filesystem itself doesn’t appear to have changed. Many public and private frameworks have been updated, as have many command tools in the various bin and sbin directories. I cannot see any app updates in /Applications or /Applications/Utilities, though, apart from Safari.
There has been little if any change in the status of those apps and tools which remain 32-bit. In particular, /System/Library/QuickTime components remain 32-bit, and have not been replaced with 64-bit versions.
As I had thought, this update doesn’t include any EFI firmware updates.