
Just to be clear, the engagement is the problem, yes? We're reasonably secure against zero-click malware from ads by now I would hope?


Zero click browser exploits still do pop up—it's also hard to say how common they are, because they're hard to detect, and likely to be used very judiciously by the people who discover them to avoid showing their hand. Ad networks have certainly been a direct vector for malware in the past.

Within the past few years there were quite a few malicious ads floating around that would trigger a redirect on load on iOS Safari, sending the user to a scam page (phishing, "you've won!", or instant redirect to the App Store), no engagement necessary.

Some recent browser zero days/malicious ads situations, not necessarily "an ad loaded in my browser -> pwned", but reasonably applicable:

https://www.bleepingcomputer.com/news/security/malicious-ads...

https://www.welivesecurity.com/en/eset-research/romcom-explo...

https://www.infosecurity-magazine.com/news/chrome-zero-day-f...


I think you don’t see ads that are served in there. Those are outright scams like fake investments, and not just crypto but outright “buy big company X shares to get rich, photo of celebrity”, with celebrities not even knowing they are used for those scam ads - Meta doesn’t do shit about it.

Zero click malware would be most likely too sophisticated.

You click the ad, contact people who will tell you where to wire money; that’s the level we are talking about here.


Right. My point is that it still requires social-engineering someone who reasonably ought to be primed to ignore all ads in the first place.



