It seems likely the scripts had been loaded through a third-party advertisement, a practice commonly known as malvertising.
Bloody ad-pushers and the cheapskate, careless tossers that they are. They need to:
1) Vet the ads they get before they serve them.
2) Only serve ads directly from their own infrastructure, rather than fetching content from somewhere else.
The way they operate now, where what the punter actually gets served is entirely at the whim of whoever bought the slot, is a permanent open invitation for the scrotes to fill their boots. Yes Google, that is evil and you are doing it.