That headline is quite misleading … the malicious extension only had a few hundred installs, not millions. They just copied an existing extension that does have 7 millions installs. They did went quite far by registering a URL. Of course it is bad that stuff like this manages to get on the store, but as long as you check what you are installing, you should be fine.