According to MEGA, the rogue extension version was removed from the Chrome store and replaced with a legitimate iteration (version 3.39.5) four hours after the breach occurred. The clean variant was served to users through the autoupdate mechanism.
Read full news article on Infosec Island