Browser updates: security gaps plugged – and µBlock turned off
(Bild: Erstellt mit KI in Bing Designer durch heise online / dmk)
The manufacturers are plugging security gaps in Mozilla's Firefox and Thunderbird as well as in Chrome. Chrome also deactivates µBlock.
Mozilla has released security updates for all currently supported Firefox and Thunderbird versions, Google for the Chrome web browser. Chrome now also blocks the adblocker µBlock – which can be reactivated with a few simple steps.
The Mozilla developers have released Firefox versions 136 [1], ESR 128.8 [2] and ESR 115.21 [3]. The Thunderbird mail client is also available for installation in versions 136 [4] and ESR 128.8. [5] The security advisories list the security vulnerabilities closed in the versions at – including some that are considered high risk and could potentially be abused by attackers for code smuggling. However, none of the vulnerabilities are being actively attacked yet.
Google fixes vulnerabilities from – and strangles µBlock
According to the release announcement, [6] Google has patched 14 security vulnerabilities in the web browser. Google only provides a brief description of nine of them, the other gaps were reported and found internally. Only one of these vulnerabilities poses a high risk for Chrome users. For both the Mozilla software and the Google browser, users and admins should ensure that they install the latest version quickly.
However, many may notice negatively that the browser announces that it has deactivated the µBlock browser extension after restarting.
(Image: Screenshot / dmk)
Google insists that users leave the extension deactivated and remove it, as the buttons highlight these actions. However, µBlock can still be used by clicking on “Manage extension”.
(Image: Screenshot / dmk)
In the extension management, the slider with which the adblocker extension can be reactivated can be found inconspicuously and poorly visible. After clicking on it, Google Chrome asks for further confirmation.
(Image: Screenshot / dmk)
With the note that the extension is no longer supported, and it is therefore better to remove it, those affected must click the “Activate” button again to reactivate µBlock. So far, we have not noticed any malfunctions or errors when using the extension.
Google has been working for some time to get rid of unwanted extensions that use the old Manifest V2 interface. As early as last October, the first users were notified that Manifest V2 extensions would no longer work with immediate effect. Of course, this also impacts other add-ons, but µBlock is by far the most popular victim of this policy. Now, however, Google seems to be pushing the change through to the masses.
[7](dmk [8])
Don't miss any news – follow us on Facebook [9], LinkedIn [10] or Mastodon [11].
This article was originally published in German [12]. It was translated with technical assistance and editorially reviewed before publication.
URL dieses Artikels:
https://www.heise.de/-10304839
Links in diesem Artikel:
[1] https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
[2] https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
[3] https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/
[4] https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/
[5] https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
[6] https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
[7] https://pro.heise.de/security/?LPID=39555_HS1L0001_27416_999_0&wt_mc=disp.fd.security-pro.security_pro24.disp.disp.disp
[8] mailto:dmk@heise.de
[9] https://www.facebook.com/heiseonlineEnglish
[10] https://www.linkedin.com/company/104691972
[11] https://social.heise.de/@heiseonlineenglish
[12] https://www.heise.de/news/Browser-Updates-Sicherheitsluecken-gestopft-und-uBlock-abgedreht-10304708.html
Copyright © 2025 Heise Medien