When you’re utilizing this VPN extension on Chrome, delete it now

If there’s one factor I prioritize on my PC extra than performance, it is safety, and the very last thing I need is for any of my private data to fall into the flawed fingers. Typically, for those who obtain apps from trusted suppliers and usually use Windows Defender, it is pretty simple to maintain your PC safe. Nevertheless, there are refined methods dangerous actors can access your information without you even realizing it.

One potential methodology is thru Google Chrome extensions. Whereas many Chrome extensions are well-intentioned and pose no menace to your PC, one extension was just lately found to be a major security risk, regardless of having each the “Featured” and “Established Writer” badges from Google, in addition to 1000’s of downloads.

The extension known as FreeVPN.One, and if in case you have it put in, you need to delete it instantly. Why would possibly you be questioning? In line with cybersecurity researchers on the Koi Security firm, it is secretly taking screenshots of your browser.

To uninstall an extension from Chrome, click on the Extensions icon (the puzzle piece), then subsequent to the extension’s identify, click on the three dots and choose Take away from Chrome.

Individuals use VPNs for privateness, however this uncovered VPN extension does the other

FreeVPN.One is discovered to be secretly taking webpage screenshots with out person consent

Sometimes, whenever you obtain and use a VPN, you are doing so to reinforce the safety and privateness of your looking. Nevertheless, it appears the FreeVPN.One extension on Google Chrome is doing something however that. Whereas its web page on the Chrome Net Retailer could recommend that it is simply an on a regular basis browser VPN, it is truly doing rather more than simply hiding your IP tackle.

In line with the cybersecurity researchers at Koi Security, after an investigation, they discovered that the FreeVPN.One extension is finishing up a sequence of “suspicious actions” within the background that you do not even find out about. One in every of them is secretly taking screenshots of your browser.

Koi Safety reviews that whenever you load a webpage with the extension put in, it instantaneously takes a screenshot of your webpage and sends it to a site registered to the extension’s developer. Because of this for those who’re viewing delicate data in your browser, resembling non-public messages, pictures, or banking particulars, FreeVPN.One may need secretly captured a screenshot of it. That is finished by way of a script that the extension robotically injects when a webpage masses. “No person motion, no UI trace, the screenshots are taken within the background with out you ever understanding,” Koi Safety explains.

FreeVPN.One additionally gives a “Scan with AI Menace Detection Device.” This characteristic takes a screenshot of a webpage and sends it to a site for scrutiny by its “vetted evaluation companions” to find out if a web site is protected. In line with FreeVPN.One’s privacy policy, this solely happens whenever you use the characteristic. Nevertheless, the coverage doesn’t point out that it’s truly capturing a screenshot of each webpage you go to with out your consent, as was just lately found.

The developer asserts that the screenshots are merely a safety characteristic

Koi Safety’s findings solid excessive doubt on that

When Koi Safety contacted the developer of the FreeVPN Chrome extension, they claimed that the explanation screenshots have been being robotically taken was a part of a “Background Scanning characteristic” and that it might solely occur if a web site was thought-about suspicious. Nevertheless, Koi Safety discovered that it took screenshots of trusted web sites, resembling Google Sheets and Google Images, thereby disproving that declare. The developer claimed the pictures weren’t being saved or used wherever. Nevertheless, the developer supplied no proof of this being the case, and it is not possible to know what occurs to one of many screenshots after it is taken. When the developer was requested to show their legitimacy, resembling a LinkedIn profile or GitHub account, they stopped speaking.

In line with Koi Safety, this growth started in April 2025, when the extension was up to date to require further permissions, together with the “all_urls” permission, which grants entry to each web site you go to. Because the report explains, a VPN sometimes requires Proxy and Storage permissions to function; nonetheless, FreeVPN.One requests considerably extra permissions than different VPN companies require. In July, the VPN was up to date once more, this time with “AES-256-GCM encryption with RSA,” which makes its actions more durable to trace.

As of now, FreeVPN.One continues to be out there on the Chrome Net Retailer and nonetheless carries its “Featured” badge and “Established Writer” badge. The latter signifies that the writer has a “constant optimistic monitor file with Google companies,” according to Google. Nevertheless, primarily based on Koi Safety’s report, it’s clear that Google ought to reevaluate each of those badges. If in case you have the FreeVPN.One extension put in, I like to recommend you uninstall it instantly and alter any passwords for accounts you used whereas it was energetic.