One of the biggest benefits of having access to full PC-class web browsers is that they generally offer native support for third-party extensions and plug-ins. These small applets are capable of bolstering a given browser’s capabilities in any number of ways, ranging from tools designed to enhance productivity, to strange and quirky add-ons built to put a smile on your face.

Now, for the most part, third-party extensions are regulated within dedicated software markets, with screening processes, notarization systems, and mandatory adherence guidelines all present. For example, on Google Chrome, plug-ins that are featured within the official Chrome Web Store are supposed to adhere to strict guidelines, with developer-declared disclosure of data practices and transparently conveyed permission requirements.

With this all being the case, I’ve historically been fairly loosey-goosey in my approach to installing browser extensions. As someone who has been using Chrome for a number of years and across multiple different computing platforms, I’ve accrued quite a collection of third-party plug-ins in my time, and, being the digital pack rat I am, I’ve hardly ever gone back to prune the older, lesser-known ones from my library.

Then, something unexpected happened yesterday morning: upon launching a new instance of Chrome at the beginning of my work day, I was met with an ominous notification prompt. This prompt warned me that one of my extensions, Save Image as Type, had been blocked due to its containment of malware.

Needless to say, I was shocked. Save Image as Type isn’t some niche, underground Chrome extension. Rather, it’s a mainstream utility that previously featured predominantly within the Chrome Web Store, and that many tens of thousands (if not millions) of users have used on their PCs over the years.

Save Image as Type has also been a staple of my personal workflow for years. My work day often consists of downloading images from the web, and having the ability to quickly download these pictures in one of several specific image file formats from the right-click context menu has saved me countless headaches (and possibly even early-onset carpal tunnel, for that matter).

Save as Image Type’s malicious nature caught me off guard

Seeing such an alert on my Chrome browser has been a wake-up call for me

Credit: Pocket-lint / Google

Doing a bit of digging, it appears that Google has indeed blocked the Save as Image Type extension across the board on Chrome, while also delisting the plug-in from the Chrome Web Store. There’s a lot of speculation circulating online regarding the nature of the plug-in’s malware, with explanations ranging from cookie trackers and keyloggers, to Honey-style affiliate link auto redirects, and just about everything in between.

Notably, it appears that Save as Image Type was previously flagged and subsequently removed from Edge, Microsoft’s in-house Chromium web browser, over a year ago (via Windows Central). In other words, Google continued to promote a plug-in with potentially malicious code well after it had already been purged from its competitor’s online extension marketplace.

In any case, one thing is now clearer to me than ever: just because an app or other piece of software is being promoted on the front page of a digital marketplace, doesn’t mean that it’s immune to being malicious, virus-infested, or filled with trackers. I placed too much trust in Google’s vetting process, and now I’m reaping the consequences. I’m left without conclusive details on exactly what malicious code may have been operating within my web browser, or whether it even impacted me personally or not.

I may have been caught totally off guard by this Save as Image Type fiasco, but it has at least given me the wake-up call I needed to start taking my privacy and security more seriously. I’ve since gone through my own list of Chrome extensions — both the enabled and the disabled ones — with the intention of spring-cleaning the ones I don’t absolutely need. Not only is this likely to improve overall browsing performance, but it’ll also reduce my risk by plugging as many attack vectors as possible.

How to manage your Chrome extensions

You can do so from your Chrome browser on Windows 11, macOS, or ChromeOS

If you’re looking to heed my advice of staying on top of all your web browser extensions, the good news is that the process is pretty painless. Of course, each browser does things slightly differently, but the general gist of the process is similar across most browsers on the market. Here are the basic steps for managing plug-ins from within Google Chrome, the world’s most popular (and, thus, most prone to viral activity) portal onto the internet:

1. Launch Google Chrome on your Windows 11, macOS, or ChromeOS computer.
2. Tap or click on the ellipsis (three-dot) menu button located in the top right-hand corner of the app’s interface.
3. Next, tap or click on Extensions > Manage Extensions.
4. From here, you can quickly scan through all your installed plug-ins, take action on the ones you don’t need, and view a report from Google’s automatic Safety Check feature.

As I’ve come to learn the hard way, it’s always best to keep tabs on all installed browser extensions from the get-go, and to stay on top of things as much as possible. I’m still left wondering what exactly happened with the Save Image as Type extension in particular, but I’m thankful that Google did at least take action to disable it, albeit not in the timely manner I’d have hoped for.

If you happen to be someone who relied on the now-unlisted plug-in on a regular basis, there are some alternative options worth checking out. Various Reddit users have chimed in with recommendations, and there’s even open-source forks and recreations of the utility sprouting up on places like GitHub. Ultimately, I hope to see native ‘save as file type X’ behavior added to Google Chrome proper, but, for the time being, just be aware that not all third-party plug-ins are created equal.