Napalm Llama Guru
Joined: 04 Jun 2005 Posts: 533 Location: Cardiff, UK
Posted: Mon Jun 28, 2010 1:08 am Post subject: Dodgy system behaviour - possible rootkit?
My system's been acting up for the last couple of months, with various, seemingly unrelated things going wrong. I ran rkhunter recently, and it threw up warnings for the majority of system commands. I know the files could have just changed because of updates, but it's still worrying.
The extra-weird thing though is the behaviour of libnss3.so. My system has two libraries with this name:
/usr/lib/libnss3.so
/usr/lib/mozilla/libnss3.so
Chrome depends on the Mozilla one, even though equery says it isn't claimed by any packages. Trouble is, Chrome won't start unless I replace the Mozilla library with a symlink to the main one. So I move /usr/lib/mozilla/libnss3.so to e.g. /usr/lib/mozilla/libnss3.so.old, or /usr/lib/mozilla/libnss3.soveryold, or /usr/lib/mozilla/libnss3backup, and replace it with a symlink to /usr/lib/libnss3.so. And a few days later, without fail, the symlink has changed. Instead of pointing to the correct library, it now points right back to the Mozilla one, no matter what name I changed it to. I don't see how an automated script could do that.
Does this sound like rootkit behaviour, e.g. replacing the libnss library so that an attacker can listen in on SSL traffic? Or am I just being paranoid?
_________________
Ryzen 5600x; Asus TUF Gaming B550-Plus; Geforce 1660 Super
Registered Linux User #381314
# killall humans
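A defender's check for the symlink drift described in the post above, added here as an example and not code from the thread or from any Gentoo tool: it snapshots the raw link target and a content hash of the two libnss3.so paths and reports when either changes between runs. The paths are kept relative so the same check runs against "/" or a constructed test tree; the demo() scenario, file contents and the ".old" name are constructed to replay what the post describes.

```python
import hashlib, os, tempfile
from pathlib import Path
# The two paths from the thread, relative so the check can run against "/"
# or a constructed test tree.
WATCHED = ["usr/lib/libnss3.so", "usr/lib/mozilla/libnss3.so"]

def snapshot(root: str) -> dict:
    """Per watched path: raw symlink target (None for a plain file) and SHA-256
    of the bytes it resolves to (None if dangling). A missing path maps to None."""
    state = {}
    for rel in WATCHED:
        p = Path(root) / rel
        if not p.exists() and not p.is_symlink():
            state[rel] = None
            continue
        target = os.readlink(p) if p.is_symlink() else None
        digest = hashlib.sha256(p.read_bytes()).hexdigest() if p.exists() else None
        state[rel] = {"target": target, "sha256": digest}
    return state

def drift(baseline: dict, current: dict) -> list:
    """List every watched path whose link target or content changed."""
    findings = []
    for rel in WATCHED:
        before, after = baseline.get(rel), current.get(rel)
        if before == after:
            continue
        if before is None or after is None:
            findings.append(f"{rel}: appeared or disappeared")
            continue
        if before["target"] != after["target"]:
            findings.append(f"{rel}: link target {before['target']} -> {after['target']}")
        if before["sha256"] != after["sha256"]:
            findings.append(f"{rel}: content hash changed")
    return findings

def demo() -> list:
    """Constructed replay of the thread: the Mozilla path starts as a symlink to
    the main library and is later found pointing at the renamed original."""
    root = tempfile.mkdtemp()
    lib = Path(root, "usr/lib")
    (lib / "mozilla").mkdir(parents=True)
    (lib / "libnss3.so").write_bytes(b"main libnss3 (constructed)")
    (lib / "mozilla/libnss3.so.old").write_bytes(b"unowned mozilla libnss3 (constructed)")
    (lib / "mozilla/libnss3.so").symlink_to("../libnss3.so")
    baseline = snapshot(root)
    (lib / "mozilla/libnss3.so").unlink()
    (lib / "mozilla/libnss3.so").symlink_to("libnss3.so.old")  # the "reverted" link
    return drift(baseline, snapshot(root))
```

Keeping the baseline snapshot on read-only or off-host storage matters here: a baseline kept on the same possibly compromised system can be rewritten along with the link.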
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Mon Jun 28, 2010 7:26 am Post subject:
That definitely isn't right. I've got half a dozen browsers installed and there's no /usr/lib/mozilla/libnss.so on my system.
Hu Administrator
Joined: 06 Mar 2007 Posts: 23093
Posted: Tue Jun 29, 2010 2:06 am Post subject: Re: Dodgy system behaviour - possible rootkit?
Napalm Llama wrote:
    I ran rkhunter recently, and it threw up warnings for the majority of system commands.
Although false positives can occur in some cases, they are usually not particularly numerous. Please share the warnings so we can analyze them.