Confidentiality Integrity Availability
I had this once with a Google Chrome extension. Strange advertisements started to appear on my search results in Google. These advertisements were uncanny. After looking for this behaviour it leads me to infected Chrome extensions.
It was an extension to show favourites in a menu, nothing fancy, I had this one installed for years. It was sell by the author to a company injecting advertisements.
Now, I only install UBlock origins and nothing more.
Oh dang, you just awakened a memory but I can't remember which extension it was... same thing, started seeing ads injected into search and the YouTube sidebar.
Really scary given extensions auto-update, who thought that would be a good idea?
That is why I disable auto-update.
I use TamperMonkey, which allows me to read and modify the code. I should probably replace a few of my extensions with TamperMonkey scripts but they don't carry between synced devices so I'd need to transfer them.
I'm pretty sure this exact scenario is how an old program I used to run got malware on my machine. Now, for the few legacy programs I use, I keep the original offline installers to avoid malware infested updates.