In the event you’re utilizing this VPN extension on Chrome, delete it now

If there may be one factor I prioritize on my PC extra than performance, it is safety, and the very last thing I would like is for any of my private data to fall into the incorrect fingers. Typically, when you obtain apps from trusted suppliers and commonly use Windows Defender, it is pretty straightforward to maintain your PC safe. Nonetheless, there are delicate methods dangerous actors can access your information without you even realizing it.

One potential technique is thru Google Chrome extensions. Whereas many Chrome extensions are well-intentioned and pose no risk to your PC, one extension was just lately found to be a major security risk, regardless of having each the “Featured” and “Established Writer” badges from Google, in addition to 1000’s of downloads.

The extension known as FreeVPN.One, and if in case you have it put in, it’s best to delete it instantly. Why would possibly you be questioning? In keeping with cybersecurity researchers on the Koi Security firm, it is secretly taking screenshots of your browser.

To uninstall an extension from Chrome, click on the Extensions icon (the puzzle piece), then subsequent to the extension’s identify, click on the three dots and choose Take away from Chrome.

Individuals use VPNs for privateness, however this uncovered VPN extension does the other

FreeVPN.One is discovered to be secretly taking webpage screenshots with out consumer consent

Usually, if you obtain and use a VPN, you are doing so to reinforce the safety and privateness of your searching. Nonetheless, it appears the FreeVPN.One extension on Google Chrome is doing something however that. Whereas its web page on the Chrome Internet Retailer could counsel that it is simply an on a regular basis browser VPN, it is truly doing rather more than simply hiding your IP tackle.

In keeping with the cybersecurity researchers at Koi Security, after an investigation, they discovered that the FreeVPN.One extension is finishing up a collection of “suspicious actions” within the background that you do not even find out about. One in every of them is secretly taking screenshots of your browser.

Koi Safety studies that if you load a webpage with the extension put in, it instantaneously takes a screenshot of your webpage and sends it to a site registered to the extension’s developer. Which means that when you’re viewing delicate data in your browser, resembling personal messages, photos, or banking particulars, FreeVPN.One may need secretly captured a screenshot of it. That is accomplished via a script that the extension robotically injects when a webpage hundreds. “No consumer motion, no UI trace, the screenshots are taken within the background with out you ever figuring out,” Koi Safety explains.

FreeVPN.One additionally affords a “Scan with AI Risk Detection Instrument.” This characteristic takes a screenshot of a webpage and sends it to a site for scrutiny by its “vetted evaluation companions” to find out if a web site is secure. In keeping with FreeVPN.One’s privacy policy, this solely happens if you use the characteristic. Nonetheless, the coverage doesn’t point out that it’s truly capturing a screenshot of each webpage you go to with out your consent, as was just lately found.

The developer asserts that the screenshots are merely a safety characteristic

Koi Safety’s findings solid excessive doubt on that

When Koi Safety contacted the developer of the FreeVPN Chrome extension, they claimed that the explanation screenshots have been being robotically taken was a part of a “Background Scanning characteristic” and that it might solely occur if a web site was thought of suspicious. Nonetheless, Koi Safety discovered that it took screenshots of trusted web sites, resembling Google Sheets and Google Photographs, thereby disproving that declare. The developer claimed the photographs weren’t being saved or used anyplace. Nonetheless, the developer offered no proof of this being the case, and it is unimaginable to know what occurs to one of many screenshots after it is taken. When the developer was requested to show their legitimacy, resembling a LinkedIn profile or GitHub account, they stopped speaking.

In keeping with Koi Safety, this improvement started in April 2025, when the extension was up to date to require extra permissions, together with the “all_urls” permission, which grants entry to each web site you go to. Because the report explains, a VPN usually requires Proxy and Storage permissions to function; nevertheless, FreeVPN.One requests considerably extra permissions than different VPN companies require. In July, the VPN was up to date once more, this time with “AES-256-GCM encryption with RSA,” which makes its actions tougher to trace.

As of now, FreeVPN.One remains to be out there on the Chrome Internet Retailer and nonetheless carries its “Featured” badge and “Established Writer” badge. The latter signifies that the writer has a “constant optimistic observe file with Google companies,” according to Google. Nonetheless, based mostly on Koi Safety’s report, it’s clear that Google ought to reevaluate each of those badges. When you’ve got the FreeVPN.One extension put in, I like to recommend you uninstall it instantly and alter any passwords for accounts you used whereas it was lively.