My most useful Chrome extension was stealing my data for years

As someone who works with images for almost every part of my job, I really don’t like Google’s WebP format. It’s fine for what it does, but loading it up in an image editor can often be a headache. So, I use a browser extension to download WebP files as JPEG and PNG—or, at least, I’ve been doing so for a few years. Turns out it was the latest Chrome extension to be sold off and turned into spyware.

The extension in question is, or was, called “Save image as Type.” It did exactly what it promised, offering alternative format downloads via the right-click menu. But according to an investigation from XDA, this and many other popular extensions have been bought up by bad actors, who take advantage of their existing reputations on popular download hubs like the Chrome Web Store. They then modify the extensions, send the update, and neither Google nor Chrome users are the wiser.

In this specific case, the extension was hijacking affiliate links. This is a system that’s mostly invisible to web users, but it’s a core element of how advertising and sales work on the web. When you click a store link on a web page, that store may offer a commission to the site that sent the buyer their way. (Yes, this model pays a considerable part of my salary as a web writer.) The extension was monitoring for these links and hijacking them with its own affiliate code. (PayPal subsidiary Honey was caught doing pretty much the same thing in a high-profile story in 2024.)

In other words, the affiliate revenue was being redirected to the extension’s owner—or should I say its new owner. The Chrome Web Store version of the “Save image as Type” extension officially changed hands sometime in November of 2025, presumably after being sold, and after amassing over 1 million users and earning a “Featured” badge from Google. But it may have been compromised a lot earlier than that. Researchers documented this particular ring of extensions in late 2024, and according to XDA, Microsoft removed this specific extension from its own Edge gallery in early 2025. (Edge is based on Chromium and compatible with Chrome extensions.)

Google removed the “Save image as Type” extension from the Chrome Web Store earlier this week, more than a year later than Edge did. It’s now returning a “This item is not available” message on the Chrome Web Store. Even though Chrome isn’t my primary browser, the removal also took it out of my Vivaldi installation (also Chromium-based) as I had used the Chrome Web Store to find and install the tool, though I’ve been using it since before I switched off of Chrome.

To be fair, as a user, I take at least some of the responsibility here. I should be carefully inspecting every software update to make sure it’s safe, including browser extension updates. But on the other hand… I’m not a developer. Even if I was studiously inspecting every software update, parsing code after carefully reading updated terms of service, I doubt I would have the technical expertise to spot the relevant malicious changes—nor would the vast majority of users. I rely on Google to keep the Chrome Web Store at least somewhat safe.

Buying and weaponizing popular browser extensions is proving to be a very effective technique for scammers. And while Google is at least somewhat aware of the issue—the latest removal might be following a weekend Reddit post— its enforcement of security seems to be reactionary rather than proactive. How else could you describe being more than a year behind Microsoft, with its much smaller userbase?

It’s been a little over a year since Google switched to the Manifest V3 system for Chrome extensions, allegedly for the sake of user security. That commitment to user security is seeming a lot less serious after the company let a malicious extension with over a million users sit on its servers for so long.

Further reading: Essential tips to make Chrome more secure