Avast found 28 malicious extensions in Chrome and Edge browsers with three million users