Computers on a local network are typically configured to pass DNS lookup requests to the network's router, which then passes those queries to DNS servers run by the ISP. If attackers manage to replace the DNS servers configured on a router with rogue servers they control, they can then spoof websites.
Such network-layer attacks, which happen outside the computer, are almost impossible for antivirus software, the browser, Google or the victims themselves to detect.
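The lookup path described above has two hops that can be audited: the client should point at the router, and the router should point at resolvers the ISP actually operates. The following Python sketch is an added example, not part of the original article; the function names, the documentation-range addresses and the idea that the router's upstream list has been copied from its admin page are all assumptions.

```python
import ipaddress

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def audit_dns_path(resolv_conf_text, gateway, router_upstreams, approved_networks):
    """Check both hops: client -> router, and router -> upstream resolver.

    Returns a list of (hop, address) pairs for resolvers that are neither
    the router itself nor inside an approved resolver network.
    """
    gateway = ipaddress.ip_address(gateway)
    approved = [ipaddress.ip_network(n) for n in approved_networks]

    def in_approved(ip):
        return any(ip in net for net in approved)

    findings = []
    # Hop 1: the client should ask the router (or an approved resolver directly).
    for ip in parse_nameservers(resolv_conf_text):
        if ip != gateway and not in_approved(ip):
            findings.append(("client", str(ip)))
    # Hop 2: the router should forward only to approved resolvers.
    for raw in router_upstreams:
        ip = ipaddress.ip_address(raw)
        if not in_approved(ip):
            findings.append(("router", str(ip)))
    return findings

# Constructed sample data (documentation address ranges, not real resolvers).
GATEWAY = "192.168.1.1"
APPROVED = ["198.51.100.0/24"]           # stand-in for the ISP's resolver range
CLIENT_OK = "# set by DHCP\nnameserver 192.168.1.1\n"
CLIENT_BAD = "nameserver 203.0.113.66  # unexpected\n"
ROUTER_OK = ["198.51.100.10", "198.51.100.11"]
ROUTER_BAD = ["203.0.113.66", "198.51.100.11"]

if __name__ == "__main__":
    print(audit_dns_path(CLIENT_OK, GATEWAY, ROUTER_OK, APPROVED))
    print(audit_dns_path(CLIENT_OK, GATEWAY, ROUTER_BAD, APPROVED))
    print(audit_dns_path(CLIENT_BAD, GATEWAY, ROUTER_OK, APPROVED))
```

A clean client configuration does not clear the router: in the second case the workstation still points at 192.168.1.1 and only the router-side check reports the change.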
The problems go even higher up the chain, to the legitimate advertising networks that place ads on websites. Cybercriminals frequently manage to trick these networks or their partners into distributing malicious ads, which then end up on popular websites and infect users with malware.
These attacks, collectively known as malvertising, have been going on for years with no end in sight. Ad networks repeatedly claim that they have defenses to prevent such incidents, but time and time again attackers find a way to bypass them. The scale of the problem even prompted harsh criticism by the U.S. Senate and calls for increased regulation of online advertising practices.
The fact that Google has begun scanning Chrome extensions for deceptive ad-injecting behavior is a good thing, even though it comes years after security researchers warned about such threats. But it's also worth keeping in mind that rogue browser extensions are just a small part of the problem.