Google blocks Chrome extension with over one million users over security risks

Google has disabled and removed a popular Chrome extension used by more than one million people, citing security risks and suspected malicious behaviour embedded within the software.

The extension, “Save Image as Type”, was flagged by Chrome as containing malware and has been pulled from the Chrome Web Store. Users attempting to access it were met with warnings that the tool had been disabled to protect their systems.

The move highlights growing scrutiny of browser extensions, which often operate with broad permissions and can access user activity across websites. While the exact nature of the threat has not been formally detailed by Google, early analysis suggests the issue may be linked to unauthorised manipulation of affiliate links.

According to Android Authority, discussions on Reddit in recent days had already raised concerns about the extension’s behaviour. Users examining its code claimed it redirected traffic through hidden affiliate mechanisms, replacing existing tracking links on e-commerce platforms such as Amazon and Best Buy.

One Reddit user said the extension loaded external sites through hidden frames to insert affiliate codes, effectively diverting commissions without users’ knowledge. Such activity, while not necessarily exposing personal data, raises questions around transparency and misuse of browser permissions.

There is no clear evidence so far that sensitive user data was compromised, but the incident underscores how even widely used tools can operate in ways that are not immediately visible to end users.

The extension had built a substantial user base, with more than one million installs and over 1,700 reviews, maintaining a rating above four stars prior to its removal. It offered a simple utility—allowing users to save images in different file formats directly from the browser—which contributed to its popularity.

According to XDA Developers, similar concerns about the extension’s behaviour had surfaced earlier, including on Microsoft’s Edge browser, where it was reportedly flagged for comparable issues more than a year ago. The persistence of these concerns raises questions about how such tools pass platform review processes and remain active over extended periods.

The incident comes amid heightened focus on cybersecurity risks associated with third-party browser extensions. Technology companies, including Google, have increasingly tightened controls and introduced automated checks to identify suspicious activity, but enforcement remains uneven across a vast ecosystem of add-ons.

Looking ahead, it remains unclear whether the extension will return to the Chrome Web Store if the issues are addressed. For users, the episode serves as a reminder to regularly audit installed extensions and limit permissions to reduce exposure to hidden or unintended risks.