Google has disabled and removed a popular Chrome extension after detecting malicious activity affecting more than one million users. The extension, called Save Image as Type, was widely used to download images in different formats.
Users began seeing warnings that the extension contained malware. Google also removed it from the Chrome Web Store, making it unusable across Chrome browsers.
According to reports from Android Authority and XDA Developers, the extension was not stealing personal data directly. Instead, it was injecting hidden affiliate links into websites to redirect commissions.
Security researchers found the extension loaded invisible frames on webpages. These frames inserted affiliate tracking codes from hundreds of online stores without user knowledge. Analysis suggests the extension targeted over 500 websites, including major retailers. When users later made purchases, the extension could earn commission from those sales.
The issue appears to have started after the extension changed ownership in late 2025. Earlier versions of the tool were clean and did not include any malicious code. Despite warnings from researchers and earlier action by Microsoft Edge, the extension remained active on Chrome for months. Google had even featured it in its store during that time.
The extension has now been fully disabled, but traces of its activity may remain in browser storage. Experts advise users to remove the extension and clear site data if needed.
The incident highlights growing risks around browser extensions. Tools that appear simple can still introduce hidden behavior that impacts user activity.
Google has not shared a timeline for whether the extension could return after fixes. The case raises broader concerns about how extensions are reviewed and monitored at scale.