My most useful Chrome extension was stealing my data for years

As someone who works with images for almost every part of my job, I really don’t like Google’s WebP format. It’s good for what it does, but loading it into an image editor can often be a headache. So I use a browser extension to download WebP files in JPEG and PNG format – or, at least, I have for a few years. Turns out this is the latest Chrome extension being sold and turned into spyware.

The extension in question is, or was, called “Save Image As Type”. It did exactly what it promised, offering alternative format downloads via the context menu. But according to an investigation by XDA, this and many other popular extensions have been purchased by bad actors, who are taking advantage of their existing reputation on popular download centers like the Chrome Web Store. They then change the extensions, push the update, and neither Google nor Chrome users know anything about it.

Google

In this specific case, the extension hijacked affiliate links. It is a system that is generally invisible to Internet users, but is an essential part of how advertising and sales work on the Web. When you click on a store’s link on a web page, that store may offer a commission to the site that referred the buyer to it. (Yes, this model pays a considerable portion of my salary as a web editor.) The extension monitored these links and hijacked them with its own affiliate code. (PayPal subsidiary Honey was caught doing much the same thing in a high-profile story in 2024.)

In other words, the affiliate revenue was redirected to the owner of the extension – or should I say its new owner. The Chrome Web Store version of the “Save Image As” extension officially changed hands in November 2025, likely after being sold out, amassing over a million users and earning a “Featured” badge from Google. But it may have been compromised long before that. Researchers documented this particular set of extensions in late 2024, and according to XDA, Microsoft removed this specific extension from its own Edge gallery in early 2025. (Edge is based on Chromium and compatible with Chrome extensions.)

Google removed the “Save Image As” extension from the Chrome Web Store earlier this week, more than a year later than Edge. It now returns a “This item is not available” message on the Chrome Web Store. Even though Chrome is not my primary browser, the removal also removed it from my Vivaldi installation (also Chromium-based), as I had used the Chrome Web Store to find and install the tool, even though I had been using it since before deactivating Chrome.

Google

To be honest, as a user I take at least some responsibility here. I should carefully inspect every software update to make sure it is safe, including browser extension updates. But on the other hand… I’m not a developer. Even if I was Carefully inspecting every software update, analyzing the code after carefully reading the updated terms of service, I doubt I have the technical expertise to spot relevant malicious changes, and neither do the vast majority of users. I rely on Google to keep the Chrome Web Store secure.

Purchasing and weaponizing popular browser extensions proves to be a very effective technique for fraudsters. And while Google is at least somewhat aware of the problem (the latest removal may follow a Reddit post from the weekend), its security enforcement appears to be reactionary rather than proactive. How else would you describe being over a year behind Microsoft, with its much smaller user base?

It’s been a little over a year since Google moved to the Manifest V3 system for Chrome extensions, allegedly for user security reasons. This commitment to user safety seems much less serious after the company left a malicious extension with over a million users on its servers for so long.

Further reading: Essential Tips to Make Chrome More Secure