Malicious developers are trying to buy successful Google Chrome extensions, which they then alter to send ads and spam to users. The tactic exploits the way Google allows extensions to be automatically updated in Chrome, so a developer might add features that you didn’t originally expect.
One extension, Add to Feedly, was sold by its creator to a company that then updated it. This update added adware (advertising-supported software) to all pages viewed in Chrome, and even started redirecting links. Add to Feedly had around 30,000 users, all of whom got the malicious adware update automatically. The same happened to another extension, Tweet this Page, which was silently updated to start feeding ads and redirecting Google searches.
Both extensions have now been removed by Google, as they broke its terms of service. However, it seems the only extensions that get removed are the ones that are caught, and we have no idea how many other extensions may have been bought or updated in this way.