In the event you’re utilizing this VPN extension on Chrome, delete it now

If there’s one factor I prioritize on my PC extra than performance, it is safety, and the very last thing I need is for any of my private data to fall into the improper arms. Typically, when you obtain apps from trusted suppliers and usually use Windows Defender, it is pretty simple to maintain your PC safe. Nonetheless, there are refined methods unhealthy actors can access your information without you even realizing it.

One doable methodology is thru Google Chrome extensions. Whereas many Chrome extensions are well-intentioned and pose no risk to your PC, one extension was lately found to be a major security risk, regardless of having each the “Featured” and “Established Writer” badges from Google, in addition to hundreds of downloads.

The extension is known as FreeVPN.One, and when you have it put in, you need to delete it instantly. Why may you be questioning? In keeping with cybersecurity researchers on the Koi Security firm, it is secretly taking screenshots of your browser.

To uninstall an extension from Chrome, click on the Extensions icon (the puzzle piece), then subsequent to the extension’s title, click on the three dots and choose Take away from Chrome.

Folks use VPNs for privateness, however this uncovered VPN extension does the alternative

FreeVPN.One is discovered to be secretly taking webpage screenshots with out consumer consent

Sometimes, while you obtain and use a VPN, you are doing so to boost the safety and privateness of your shopping. Nonetheless, it appears the FreeVPN.One extension on Google Chrome is doing something however that. Whereas its web page on the Chrome Net Retailer could recommend that it is simply an on a regular basis browser VPN, it is truly doing far more than simply hiding your IP handle.

In keeping with the cybersecurity researchers at Koi Security, after an investigation, they discovered that the FreeVPN.One extension is finishing up a sequence of “suspicious actions” within the background that you do not even learn about. One in all them is secretly taking screenshots of your browser.

Koi Safety studies that while you load a webpage with the extension put in, it instantaneously takes a screenshot of your webpage and sends it to a site registered to the extension’s developer. Which means when you’re viewing delicate data in your browser, corresponding to non-public messages, photos, or banking particulars, FreeVPN.One may need secretly captured a screenshot of it. That is finished by way of a script that the extension mechanically injects when a webpage masses. “No consumer motion, no UI trace, the screenshots are taken within the background with out you ever understanding,” Koi Safety explains.

FreeVPN.One additionally presents a “Scan with AI Risk Detection Software.” This characteristic takes a screenshot of a webpage and sends it to a site for scrutiny by its “vetted evaluation companions” to find out if an internet site is protected. In keeping with FreeVPN.One’s privacy policy, this solely happens while you use the characteristic. Nonetheless, the coverage doesn’t point out that it’s truly capturing a screenshot of each webpage you go to with out your consent, as was lately found.

The developer asserts that the screenshots are merely a safety characteristic

Koi Safety’s findings solid excessive doubt on that

When Koi Safety contacted the developer of the FreeVPN Chrome extension, they claimed that the explanation screenshots have been being mechanically taken was a part of a “Background Scanning characteristic” and that it will solely occur if an internet site was thought-about suspicious. Nonetheless, Koi Safety discovered that it took screenshots of trusted web sites, corresponding to Google Sheets and Google Photographs, thereby disproving that declare. The developer claimed the photographs weren’t being saved or used wherever. Nonetheless, the developer supplied no proof of this being the case, and it is unimaginable to know what occurs to one of many screenshots after it is taken. When the developer was requested to show their legitimacy, corresponding to a LinkedIn profile or GitHub account, they stopped speaking.

In keeping with Koi Safety, this growth started in April 2025, when the extension was up to date to require further permissions, together with the “all_urls” permission, which grants entry to each web site you go to. Because the report explains, a VPN usually requires Proxy and Storage permissions to function; nonetheless, FreeVPN.One requests considerably extra permissions than different VPN companies require. In July, the VPN was up to date once more, this time with “AES-256-GCM encryption with RSA,” which makes its actions tougher to trace.

As of now, FreeVPN.One remains to be accessible on the Chrome Net Retailer and nonetheless carries its “Featured” badge and “Established Writer” badge. The latter signifies that the writer has a “constant optimistic monitor file with Google companies,” according to Google. Nonetheless, based mostly on Koi Safety’s report, it’s clear that Google ought to reevaluate each of those badges. When you have the FreeVPN.One extension put in, I like to recommend you uninstall it instantly and alter any passwords for accounts you used whereas it was lively.