For those who’re utilizing this VPN extension on Chrome, delete it now

If there’s one factor I prioritize on my PC extra than performance, it is safety, and the very last thing I would like is for any of my private info to fall into the fallacious arms. Typically, for those who obtain apps from trusted suppliers and often use Windows Defender, it is pretty simple to maintain your PC safe. Nevertheless, there are delicate methods unhealthy actors can access your information without you even realizing it.

One potential technique is thru Google Chrome extensions. Whereas many Chrome extensions are well-intentioned and pose no menace to your PC, one extension was not too long ago found to be a major security risk, regardless of having each the “Featured” and “Established Writer” badges from Google, in addition to 1000’s of downloads.

The extension is named FreeVPN.One, and in case you have it put in, it’s best to delete it instantly. Why may you be questioning? In line with cybersecurity researchers on the Koi Security firm, it is secretly taking screenshots of your browser.

To uninstall an extension from Chrome, click on the Extensions icon (the puzzle piece), then subsequent to the extension’s title, click on the three dots and choose Take away from Chrome.

Folks use VPNs for privateness, however this uncovered VPN extension does the alternative

FreeVPN.One is discovered to be secretly taking webpage screenshots with out person consent

Usually, once you obtain and use a VPN, you are doing so to reinforce the safety and privateness of your looking. Nevertheless, it appears the FreeVPN.One extension on Google Chrome is doing something however that. Whereas its web page on the Chrome Net Retailer could counsel that it is simply an on a regular basis browser VPN, it is really doing rather more than simply hiding your IP deal with.

In line with the cybersecurity researchers at Koi Security, after an investigation, they discovered that the FreeVPN.One extension is finishing up a collection of “suspicious actions” within the background that you do not even find out about. One in every of them is secretly taking screenshots of your browser.

Koi Safety studies that once you load a webpage with the extension put in, it instantaneously takes a screenshot of your webpage and sends it to a website registered to the extension’s developer. Because of this for those who’re viewing delicate info in your browser, reminiscent of non-public messages, photos, or banking particulars, FreeVPN.One might need secretly captured a screenshot of it. That is completed by way of a script that the extension robotically injects when a webpage hundreds. “No person motion, no UI trace, the screenshots are taken within the background with out you ever understanding,” Koi Safety explains.

FreeVPN.One additionally provides a “Scan with AI Risk Detection Instrument.” This characteristic takes a screenshot of a webpage and sends it to a website for scrutiny by its “vetted evaluation companions” to find out if an internet site is secure. In line with FreeVPN.One’s privacy policy, this solely happens once you use the characteristic. Nevertheless, the coverage doesn’t point out that it’s really capturing a screenshot of each webpage you go to with out your consent, as was not too long ago found.

The developer asserts that the screenshots are merely a safety characteristic

Koi Safety’s findings solid excessive doubt on that

When Koi Safety contacted the developer of the FreeVPN Chrome extension, they claimed that the rationale screenshots had been being robotically taken was a part of a “Background Scanning characteristic” and that it will solely occur if an internet site was thought of suspicious. Nevertheless, Koi Safety discovered that it took screenshots of trusted web sites, reminiscent of Google Sheets and Google Images, thereby disproving that declare. The developer claimed the pictures weren’t being saved or used wherever. Nevertheless, the developer offered no proof of this being the case, and it is not possible to know what occurs to one of many screenshots after it is taken. When the developer was requested to show their legitimacy, reminiscent of a LinkedIn profile or GitHub account, they stopped speaking.

In line with Koi Safety, this growth started in April 2025, when the extension was up to date to require further permissions, together with the “all_urls” permission, which grants entry to each web site you go to. Because the report explains, a VPN usually requires Proxy and Storage permissions to function; nonetheless, FreeVPN.One requests considerably extra permissions than different VPN providers require. In July, the VPN was up to date once more, this time with “AES-256-GCM encryption with RSA,” which makes its actions more durable to trace.

As of now, FreeVPN.One continues to be out there on the Chrome Net Retailer and nonetheless carries its “Featured” badge and “Established Writer” badge. The latter signifies that the writer has a “constant constructive monitor report with Google providers,” according to Google. Nevertheless, based mostly on Koi Safety’s report, it’s clear that Google ought to reevaluate each of those badges. You probably have the FreeVPN.One extension put in, I like to recommend you uninstall it instantly and alter any passwords for accounts you used whereas it was energetic.