Google has removed a Chrome plugin used by approximately 2 million users after reports that the browser extension had been compromised and installed potentially malicious code and tracking software on users’ systems. Application security firms have warned that open-source components and third-party software should be vetted for vulnerabilities and, increasingly, as a supply-chain issue. The cyber espionage attack that infected customers of SolarWinds by adding code to the software, and the spread of the NotPetya worm through the compromise of a Ukrainian accounting software update, both highlight the dangers of third party security failures.”]