At extreme high level, there are usually about 6 layers between the ad purchaser (in this case, Costco) and the ad server level (the entity that shows ads in your specific browser.)
There's a lot going on in the background. The issue is the technology that we use to fund the web -- we went with the ad driven model instead of alternatives because ad driven was easier and cheaper and possible to implement when we made the decision 15 years ago -- is inherently flawed and difficult to un-implement.
Yes, in theory, there are services that prevent an ad buy from showing up where the purchaser doesn't want it. It's not actually very effective, and to work at all, it relies on the ad showing up where it doesn't belong, being noticed, and reported. Which is where we are now. The tech is improving rapidly, but it's definitely a Moore's Law issue -- the tech improves at about the same pace that processing improves.
Web advertising is not at all like broadcast or print media advertising, where every copy of the magazine or every regional broadcast plays a set of ads that are perceived by everyone on that channel at that moment. Web advertising is very tailored, based on cookies, security level of the user, which ad blocks are in place, location services and other proprietary factors at each level of the service. You and I could both go to the same site at the same time, and our ads would likely be very different, based on where we had been before, where we are physically located (or where our VPN says we're physically located) and how often we've been to the page.
The only way to keep an ad off a page entirely is to not advertise at all, and the only way to not see ads is to comprehensively block and turn off JavaScript and Flash. Which are baseline security measures, but not everyone's willing to do so.
= new reply since forum marked as read