Chrome 0-Day, UniFi Exploits, and Manifest V3: A Week of Security Warnings

Google will finish disabling popular ad blockers in its next Chrome update as the transition to Manifest V3 closes the final loophole that allowed tools like uBlock Origin to keep functioning. The change arrives alongside a week heavy with security alerts, including a Chrome zero-day vulnerability, active exploits against UniFi networking gear, and a damaging VPN flaw.

Manifest V3, Google’s replacement for the older extensions framework, has been rolling out for years. But the company was still leaving room for older extensions to work as long as users enabled the deprecated Manifest V2. The upcoming Chrome update will remove that support entirely. Google has said this is about performance and security, but the effect is clear: content blockers that rely on the broad WebRequest API will stop working.

Multiple active threats reported this week

Beyond the Chrome extension change, security teams are tracking several active vulnerabilities. The Hacker News weekly recap lists a Chrome zero-day that is already being exploited in the wild. Researchers also flagged unpatched flaws in Ubiquiti UniFi access points and controllers, with proof-of-concept code available. A VPN vulnerability affecting multiple providers is under active analysis, and macOS users face a wave of information stealers being distributed through malicious websites.

• Chrome zero-day (CVE not yet fully public) is being actively exploited. Users should update Chrome immediately.
• Ubiquiti UniFi devices have multiple unpatched vulnerabilities that allow remote code execution.
• A VPN flaw affecting OpenVPN-based implementations could expose encrypted traffic.
• macOS info-stealers like AMOS are being packaged with fake app installers for popular tools.
• Abandoned npm and PyPI packages are being hijacked in supply-chain attacks that deliver malware.

What these changes mean for users and enterprises

The end of Manifest V2 support is a turning point for the web extension ecosystem. Users who rely on ad blockers for privacy or security will need to switch to alternatives that use the less powerful DeclarativeNetRequest API. Enterprise administrators should audit their Chrome policies and consider using group policies to enforce a more secure extension whitelist.

Meanwhile, the zero-day and active exploits this week underscore the importance of patching quickly. Google will likely ship a fix for the Chrome vulnerability within days, but UniFi users may need to wait for Ubiquiti to release firmware updates. In the meantime, security teams should disable vulnerable services and apply workarounds where available.