My most helpful Chrome extension was stealing my knowledge for years
Abstract created by Good Solutions AI
In abstract:
- PCWorld experiences that the favored Chrome extension ‘Save picture as Kind,’ utilized by over 1 million folks, turned adware after being bought to new house owners.
- The compromised extension hijacked affiliate hyperlinks to redirect income and remained lively for over a 12 months after Microsoft Edge eliminated it.
- This incident highlights critical safety gaps in Google’s Chrome Internet Retailer monitoring and the dangers customers face with unvetted browser extensions.
As somebody who works with pictures for nearly each a part of my job, I actually don’t like Google’s WebP format. It’s fantastic for what it does, however loading it up in a picture editor can usually be a headache. So, I exploit a browser extension to obtain WebP recordsdata as JPEG and PNG—or, no less than, I’ve been doing so for a number of years. Seems it was the newest Chrome extension to be bought off and was adware.
The extension in query is, or was, known as “Save picture as Kind.” It did precisely what it promised, providing various format downloads by way of the right-click menu. However in accordance with an investigation from XDA, this and lots of different widespread extensions have been purchased up by dangerous actors, who reap the benefits of their current reputations on widespread obtain hubs just like the Chrome Internet Retailer. They then modify the extensions, ship the replace, and neither Google nor Chrome customers are the wiser.
On this particular case, the extension was hijacking affiliate hyperlinks. This can be a system that’s largely invisible to internet customers, however it’s a core ingredient of how promoting and gross sales work on the net. Once you click on a retailer hyperlink on an internet web page, that retailer could supply a fee to the positioning that despatched the customer their approach. (Sure, this mannequin pays a substantial a part of my wage as an internet author.) The extension was monitoring for these hyperlinks and hijacking them with its personal affiliate code. (PayPal subsidiary Honey was caught doing just about the identical factor in a high-profile story in 2024.)
In different phrases, the affiliate income was being redirected to the extension’s proprietor—or ought to I say its new proprietor. The Chrome Internet Retailer model of the “Save picture as Kind” extension formally modified palms someday in November of 2025, presumably after being bought, and after amassing over 1 million customers and incomes a “Featured” badge from Google. However it could have been compromised quite a bit sooner than that. Researchers documented this explicit ring of extensions in late 2024, and in accordance with XDA, Microsoft eliminated this particular extension from its personal Edge gallery in early 2025. (Edge is predicated on Chromium and appropriate with Chrome extensions.)
Google eliminated the “Save picture as Kind” extension from the Chrome Internet Retailer earlier this week, greater than a 12 months later than Edge did. It’s now returning a “This merchandise isn’t out there” message on the Chrome Internet Retailer. Although Chrome isn’t my main browser, the elimination additionally took it out of my Vivaldi set up (additionally Chromium-based) as I had used the Chrome Internet Retailer to search out and set up the device, although I’ve been utilizing it since earlier than I switched off of Chrome.
To be truthful, as a consumer, I take no less than among the duty right here. I must be fastidiously inspecting each software program replace to ensure it’s protected, together with browser extension updates. However then again… I’m not a developer. Even when I was studiously inspecting each software program replace, parsing code after fastidiously studying up to date phrases of service, I doubt I’d have the technical experience to identify the related malicious modifications—nor would the overwhelming majority of customers. I depend on Google to maintain the Chrome Internet Retailer no less than considerably protected.
Shopping for and weaponizing widespread browser extensions is proving to be a really efficient method for scammers. And whereas Google is no less than considerably conscious of the difficulty—the newest elimination may be following a weekend Reddit put up— its enforcement of safety appears to be reactionary moderately than proactive. How else might you describe being greater than a 12 months behind Microsoft, with its a lot smaller userbase?
It’s been a bit of over a 12 months since Google switched to the Manifest V3 system for Chrome extensions, allegedly for the sake of consumer safety. That dedication to consumer safety is seeming quite a bit much less critical after the corporate let a malicious extension with over one million customers sit on its servers for thus lengthy.
Additional studying: Important tricks to make Chrome safer
