According to him, if a user enters the term "Download Chrome" in Google Search, the 36th result is a compromised website for downloading Chrome plugins.
The domain (chromeplugins.com) has been registered in 2008, indicating that the website - an unofficial Google Chrome plugin forum - is legitimate.
The users are automatically redirected to the two websites. The researcher doesn't mentioned what the malicious content they actually host, but it's most likely ads. However, an easy and fast change by the scammers and they could be serving exploits and compromising the users' computers without their knowledge.
Legitimate websites compromised by cyber crooks are, unfortunately, an unwelcome reality, and users should always be on the lookout for malicious sites and keep their anti-malware defenses updated.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.