Compromised Chrome extension: over 1 million users affected
A new cybersecurity incident draws attention to vulnerabilities in the browser extension ecosystem. A popular Chrome extension, used for saving images in various formats, has been compromised and turned into a malicious tool, affecting over 1 million users globally.
In this article, you will find out what happened, how the attack worked, what risks it involves, and how you can protect yourself.
“Save Image as Type” was a popular Chrome extension
The “Save Image as Type” extension was a widely used tool by Chrome users to quickly convert images from modern formats like WebP to more common formats such as JPG or PNG. Its popularity grew with the adoption of modern image formats, which are more efficient but not always compatible with all applications.
However, this seemingly trivial utility caught the attention of attackers, who took advantage of its large user base and the trust built over time.
How the extension was compromised
Instead of creating a malicious extension from scratch, hackers adopted a more subtle strategy: they acquired the extension from the original developer.
After the takeover, they introduced malicious code in subsequent updates. Essentially, users continued to use the extension without knowing that it had become an attack tool.
This technique is increasingly common in cybersecurity, as it exploits existing trust in popular applications.
What the malicious code introduced into the popular Chrome extension did
The main purpose of the attack was not direct theft of passwords or sensitive data, but fraudulent monetization through the manipulation of affiliate links.
Specifically, the extension:
- modified affiliate links on e-commerce sites like Amazon or other online stores
- redirected user traffic
- injected code into visited web pages
- generated illegal commissions for attackers
In some cases, the extension loaded commercial sites in the background via hidden iframes to place affiliate cookies (“cookie stuffing”), without the user noticing.
Impact on users
Although the attack did not directly target sensitive personal data, the impact should not be underestimated:
- over 1 million users affected
- modification of browser behavior without consent
- potential exposure to other security risks
- indirect financial losses for companies and affiliates
Moreover, the extension operated in this compromised form for several weeks or even months before being detected and removed.
Why browser extensions are an attractive target
Chrome extensions have extensive access to user activity, including visited pages and their content. This makes them extremely attractive to attackers.
According to specialists, hackers are increasingly preferring:
- hijacking existing extensions
- exploiting developer accounts
- introducing malicious updates
This approach is effective because users tend to trust already installed applications.
How to protect yourself from malicious extensions
To avoid such situations, it is important to adopt some good security practices:
1. Periodically check installed extensions
Remove any extension you no longer use.
2. Pay attention to permissions
If an extension requests access to all websites, analyze if it is justified.
3. Monitor extension behavior
Strange redirects or page modifications can be signs of compromise.
4. Install extensions only from secure sources
Even then, check reviews and developer history.
5. Immediately uninstall compromised extensions
In this case, users are advised to remove the extension and check for any effects on the browser.
Any Chrome extension can turn into a major risk
The “Save Image as Type” incident highlights a major risk in using browser extensions: even trusted applications can become dangerous overnight.
In an increasingly complex digital context, security no longer depends only on the software used, but also on user vigilance. Periodically checking extensions and adopting good security practices can make the difference between a secure and a compromised online experience.
Sources: techspot.com, xda-developers.com
