Google removed the “Save image as Type” extension from Chrome Web Store, which allowed downloading images in specific formats even when sites blocked this option in the context menu. The tool was classified as malware after users reported problems and analyzes revealed malicious code. With over a million installations recorded before removal, the extension stopped working on Chrome browsers in March 2026.
The action came quickly after reports emerged on online forums highlighting suspicious behavior. Google blocked the extension on installed devices and removed its page from the official store. Usuários who still had the add-on received alerts indicating the presence of malware, which prevented its continued use.
Change of ownership raises suspicions
The extension changed hands in August 2024, when the developer’s email changed from an individual name to an account associated with “Image4Tools”. Essa transition marked the beginning of code changes that compromised the tool.
After the change, the inject.js file began to communicate with external servers. Essa communication compiled lists of visited URLs and inserted affiliate links on 578 different websites.
The mechanism diverted commissions from purchases made by users after using the extension to download images. Sites originals lost revenue, while extension operators gained financially in a hidden way.
Malicious code injected into the browser
The malicious component did not install traditional viruses on the device, but exploited the extension’s access to visited pages. Ele monitored browsing activities to identify affiliate opportunities and replaced legitimate links with manipulated versions.
Exposed users had browsing data collected without transparency or explicit consent. The practice resembles previous cases where popular extensions were changed for questionable commercial purposes.
Google acted to protect users by disabling the extension in bulk. The measure included the immediate removal of the store and blocking of active instances of the browser.
Recommended safe alternatives
Similar extensions continue to be available on Chrome Web Store, as long as they follow the privacy and security policies. One option cited by users is “Save Image As PNG”, which offers similar functionality without the problems identified.
This alternative has fewer facilities, but maintains acceptable practices according to Google guidelines. Usuários should check recent reviews and requested permissions before installing any add-ons.
Experts recommend regularly reviewing active browser extensions. Acessar chrome://extensions/ allows you to quickly disable or remove suspicious items.
Similar removal history
Microsoft had already removed the extension version for Edge a few months earlier, after identifying malicious activity in late 2024. The delay in taking action on
Extensions that change ownership require greater vigilance from platforms. Alterações in code after transfer can introduce risks without users immediately noticing.
The case reinforces the importance of keeping the browser updated and avoiding extensions with excessive permissions. Google continues to improve detection mechanisms to prevent similar incidents in the future.
Guidance for affected users
Anyone who used the extension must manually remove it if it still appears in the list of add-ons. Reiniciar or Chrome after deletion ensures that changes are applied.
Checking recent purchase history helps identify whether there have been commission deviations on websites visited. Embora the financial impact is indirect, data collection represents a risk to privacy.
Keeping your antivirus up to date and scanning your system offers an extra layer of protection. The incident highlights vulnerabilities in the browser extension ecosystem.
