Unsafe browsing: Google Chrome's favored VPN extension, FreeVPN.One, covertly captures and transmits records of all visited pages to an unidentified developer, causing significant privacy concerns.
In a shocking revelation, the Google Chrome extension FreeVPN.One, with over 100,000 installs, has been discovered to secretly take screenshots of visited websites and send them to a remote server controlled by its developer.
Originally a legitimate VPN extension, FreeVPN.One turned malicious after recent updates, starting from version 3.0.3 in April 2025. The extension obtained excessive permissions, including , , and , which are not typically required for a VPN and allow it to monitor and capture user activity.
With these permissions, FreeVPN.One uses the Chrome API to silently take screenshots of every webpage one second after loading. These screenshots are then sent to the remote server without any user notification, UI indication, or explicit consent, making it a significant breach of trust and privacy.
The screenshots, along with the page URL, tab ID, and a unique user identifier, are sent to the domain . This covert spying continued for months before the extension was removed from the Chrome Web Store in late August 2025.
Despite having Google's "Verified" and "Featured" badges, FreeVPN.One engaged in this covert spying for months, raising concerns about the security gaps in browser extension vetting. Users are strongly advised to uninstall FreeVPN.One to protect their online privacy.
It's worth noting that FreeVPN.One was marketed as the fastest free VPN for Chrome and displayed a "Featured" badge awarded by Google. However, the extension's policy has undergone changes, with a recent version missing the section about anonymized usage data and a disclaimer about warranties.
Furthermore, the updated policy no longer mentions that FreeVPN.One is operated by CMO Ltd., and there's no explicit information about the company that operates the extension. The developer stopped responding to researchers' inquiries when asked for evidence of legitimacy, and the domain associated with the provided email for contacting the developer redirects to a page for Phoenix Software Solutions.
This case serves as a reminder that trust in free Chrome extensions, especially those operated by unknown developers, requires a significant amount of trust, as they can potentially screenshot every page visited by its users. Users are advised to exercise caution and only install extensions from reputable developers.
Read also:
- Industries Under Jeopardy Due to Multi-Accounting: Prevention Strategies Revealed in 2024
- Web3 Esports undergoes transformation as Aylab and CreataChain collaborate for a radical change
- Latest Tech Highlights: Top Gadgets of March 2025
- Law enforcement access to encrypted user data is denied by Apple, following a UK court order.
