Over one million users of the Chrome extension ”Save image as Type?” found their tool abruptly disabled overnight by Google due to malware concerns. Popular for letting users right-click and save images as PNG, JPG, or WebP formats instantly, the extension was pulled from the Chrome Web Store after Google flagged it for malicious activity involving affiliate code hijacking.
While the exact malicious actions remain unspecified, community investigations on Reddit uncovered that the extension covertly hijacked affiliate codes from websites like Amazon and Best Buy. Instead of stealing sensitive user data, it replaced legitimate affiliate links with its own, siphoning commissions when users visited these sites.
One Reddit user, AdamConwayIE, detailed the extension’s behavior: it loaded hidden iFrames from over 578 different domains, swapping out affiliate codes automatically in users’ browsers. This scheme had been noted before-in fact, a similar version of the extension for Microsoft Edge was flagged more than a year ago for the same tactic.
Despite these issues, ”Save image as Type” maintained a strong user base, with more than one million installs and a 4.2-star rating from over 1,700 reviews on the Chrome Web Store. Google had even featured the extension before the discovery of its affiliate code hijacking.
It is uncertain if the developers will resolve the problems and regain Google’s trust to re-list the extension. For now, users will have to seek alternatives for easy image-saving capabilities without the covert affiliate link replacements.