Professionals handling visual content often encounter frustrations with Google's WebP image standard, especially when importing files into editing software. To address this, the author relied on a browser add-on for several years to convert and save WebP images in JPEG or PNG formats. Recent revelations indicate this tool was among the latest Chrome extensions acquired by malicious entities and repurposed for data theft.

Known as 'Save image as Type,' the add-on delivered on its name by enabling right-click options for downloading images in various formats. However, an XDA probe revealed that this and numerous other well-regarded extensions were purchased by cybercriminals. These attackers exploit the tools' established credibility on platforms like the Chrome Web Store, then alter them through updates that evade detection by both Google and end-users.

Specifically, the extension interfered with affiliate referral systems, which operate behind the scenes to facilitate online advertising and e-commerce commissions. These mechanisms reward websites for directing traffic to retailers via tracked links—a system that significantly contributes to the income of online content creators, including the author. The add-on intercepted such links and substituted its own referral identifiers, diverting earnings to its controllers. This tactic mirrors a 2024 controversy involving PayPal's Honey service.
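One way to check for the substitution described above, as an added example that is not from the original article or the XDA report: compare each link a page published with the URL the browser actually requested, and flag referral parameters that were replaced, added, or removed. The parameter list, hosts, and IDs are assumptions constructed for illustration.

```javascript
// Parameter names assumed to carry a referral ID (hypothetical list; extend per network).
const AFFILIATE_KEYS = ["tag", "ref", "aff_id", "affiliate"];

// Compare the link a page published with the URL the browser actually requested.
function compareLink(publishedHref, requestedUrl) {
  const pub = new URL(publishedHref);
  const req = new URL(requestedUrl);
  // Different destination: not a like-for-like comparison, so report it separately.
  if (pub.host !== req.host || pub.pathname !== req.pathname) {
    return [{ kind: "different-destination",
              from: pub.host + pub.pathname, to: req.host + req.pathname }];
  }
  const findings = [];
  for (const key of AFFILIATE_KEYS) {
    const before = pub.searchParams.get(key);
    const after = req.searchParams.get(key);
    if (before === after) continue;
    let kind;
    if (before === null) kind = "injected";      // ID added to an untagged link
    else if (after === null) kind = "stripped";  // publisher's ID removed
    else kind = "rewritten";                     // publisher's ID replaced
    findings.push({ kind, key, before, after });
  }
  return findings;
}

// Run the comparison over a capture and keep only the entries with findings.
function auditCapture(capture) {
  return capture
    .map(({ published, requested }) =>
      ({ published, requested, findings: compareLink(published, requested) }))
    .filter((entry) => entry.findings.length > 0);
}

// Constructed sample capture: hosts and IDs are made up for this example.
const SAMPLE_CAPTURE = [
  { published: "https://shop.example/item/42?tag=creator-20&color=red",
    requested: "https://shop.example/item/42?tag=creator-20&color=red" },
  { published: "https://shop.example/item/42?tag=creator-20",
    requested: "https://shop.example/item/42?tag=other-21" },
  { published: "https://store.example/p/widget",
    requested: "https://store.example/p/widget?aff_id=9911" },
];

console.log(JSON.stringify(auditCapture(SAMPLE_CAPTURE), null, 2));
```

Capturing the same clicks once in a clean browser profile and once in the profile with extensions installed shows whether a difference comes from an add-on rather than from the site itself.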

Essentially, the profits from these referrals were rerouted to the extension's recent acquirer. The Chrome Web Store listing for 'Save image as Type' transferred ownership around November 2025, following its sale, by which point it had attracted more than 1 million installations and secured a 'Featured' designation from Google. Evidence suggests the compromise occurred well before this official shift, with security experts noting the malicious network in late 2024. XDA reports that Microsoft removed the extension from its Edge Add-ons store in early 2025; Edge is built on Chromium and is compatible with Chrome extensions.

Google finally delisted 'Save image as Type' from the Chrome Web Store this week, well over a year after Microsoft's action. Visitors to the store now see a notice stating the item is unavailable. Although Chrome is not the author's main browser, the purge also affected their Vivaldi setup—another Chromium variant—where the extension had been installed via the Chrome store, predating the switch away from Chrome.

Users bear some accountability for scrutinizing software updates, including those for extensions, to ensure safety. Yet, for non-technical individuals like the author, even diligent review of code or revised policies would likely fail to uncover subtle threats, a challenge shared by most consumers. Instead, reliance falls on Google to maintain basic safeguards in the Chrome Web Store.

Acquiring established browser extensions and transforming them into malicious software has emerged as a potent strategy for fraudsters. Google demonstrates partial awareness of the problem—possibly prompted by a recent Reddit discussion leading to the takedown—but its security measures appear responsive rather than preventive. The lag is evident: Google trailed Microsoft by more than a year, despite Microsoft's smaller audience.

Just over a year has passed since Google implemented Manifest V3 for Chrome extensions, promoted as an enhancement to user protection. The prolonged presence of this harmful add-on, affecting over a million users on Google's platform, undermines that security pledge.