Popular Chrome Extension With One Million Users Was Secretly Scraping Browsing Data for Profit
Google removes Save image as Type extension after discovering it contained malware harvesting user data
The extension, which allowed users to save images in different file formats directly from the browser, appeared to be a straightforward utility tool. However, Google's security review revealed that it had been modified to include data harvesting code that collected browsing activity and sold it to third parties.
Affected users are being notified through Chrome's extension management interface, with Google recommending immediate removal. The incident highlights the ongoing challenge of maintaining security in browser extension ecosystems, where popular tools can be acquired or modified to include malicious functionality.
This is not an isolated case. Chrome extensions have repeatedly been weaponised after being sold to new owners who inject tracking or malware code. The extension marketplace model, where developers can transfer ownership of popular extensions, creates a persistent attack vector that affects millions of users.
Analysis
Why This Matters
Browser extensions operate with broad permissions that give them access to browsing history, page content, and sometimes credentials. When a trusted extension turns malicious, the blast radius can be enormous.
What to Watch
Users should audit their installed extensions regularly and remove any that are no longer actively maintained or have changed ownership.
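One way to carry out that audit, as an added example that is not from the article or from Google: the script reads extension manifests, reports which ones request access to browsing activity or to every site, and shows what an update requests that the previous version did not. The function names, the permission shortlist and the two sample manifests are assumptions constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Chrome permission names that expose browsing activity, page content or session data.
SENSITIVE_APIS = {"history", "tabs", "webNavigation", "webRequest", "cookies", "scripting"}
# Match patterns that cover every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Summarise the sensitive APIs and all-site host access a manifest declares."""
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    declared = {p for p in declared if isinstance(p, str)}  # MV2 mixes hosts into "permissions"
    hosts = declared & BROAD_HOSTS
    # A content script matched on every site reads page content with no API permission at all.
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", [])) & BROAD_HOSTS
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "apis": sorted(declared & SENSITIVE_APIS), "broad_hosts": sorted(hosts)}

def new_grants(old, new):
    """Return what an updated manifest requests that the previous version did not."""
    before, after = audit_manifest(old), audit_manifest(new)
    return {key: sorted(set(after[key]) - set(before[key])) for key in ("apis", "broad_hosts")}

def audit_profile(extensions_dir):
    """Audit each <extension id>/<version>/manifest.json under a profile's Extensions folder."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit
        finding = audit_manifest(manifest)
        if finding["apis"] or finding["broad_hosts"]:
            findings.append({"id": path.parent.parent.name, **finding})
    return findings

# Constructed manifests for illustration; not taken from any real extension.
SAMPLE_V1 = {"manifest_version": 3, "name": "Sample image saver", "version": "1.0",
             "permissions": ["contextMenus", "downloads"]}
SAMPLE_V2 = {"manifest_version": 3, "name": "Sample image saver", "version": "1.1",
             "permissions": ["contextMenus", "downloads", "tabs", "webNavigation"],
             "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a profile's Extensions directory
        for finding in audit_profile(sys.argv[1]):
            print(finding)
    else:
        print(new_grants(SAMPLE_V1, SAMPLE_V2))
```

Run it with the path to a Chrome profile's Extensions directory as the only argument to list installed extensions that declare these permissions; with no argument it prints the difference between the two sample manifests.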