A recently uncovered Chrome extension, FreeVPN.One, has been secretly capturing private browsing data, undermining the privacy that users expect from free VPN services. The extension, which has over 100,000 installs and was even featured on Chrome, was found to be taking screenshots of every website users visited, including pages on trusted platforms like Google Photos and Google Sheets. The developer allegedly claimed these images were only briefly analyzed for threats, but Koi Security researchers confirmed that the data was sent to servers under the developer’s control.
FreeVPN.One’s permissions were added incrementally, disguised as an ‘AI Threat Detection’ feature. However, these permissions allowed the extension to access every page opened by users, including private browsing sessions. The researchers demonstrated that the extension could take screenshots even on secure sites, which raised serious concerns about the extent of data exposure. Although the extension was removed from the Chrome Web Store, the incident highlights a critical gap in how Chrome enforces its security standards for features.
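To make the incremental permission growth concrete, the following added example (not code from the article, from Koi Security, or from the extension) compares two versions of an extension manifest and reports the page-access capabilities an update gains. The two manifests are constructed samples, not FreeVPN.One's actual files, and the function names are hypothetical; the permission names are standard Chrome extension manifest values.

```python
# Added example: flag page-access capabilities an extension update gains.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def split_permissions(manifest):
    """Return (api_permissions, host_patterns) for an MV2 or MV3 manifest."""
    declared = set(manifest.get("permissions", []))
    # Manifest V2 mixes host patterns into "permissions"; V3 separates them.
    hosts = {p for p in declared if p == "<all_urls>" or "://" in p}
    hosts |= set(manifest.get("host_permissions", []))
    return declared - hosts, hosts


def findings(manifest):
    """List the broad page-access capabilities a manifest grants."""
    apis, hosts = split_permissions(manifest)
    matches = {m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", [])}
    out = []
    if (hosts | matches) & ALL_SITES:
        out.append("has access to every site")
    if "<all_urls>" in hosts:
        # tabs.captureVisibleTab requires <all_urls> or activeTab.
        out.append("can screenshot the visible tab")
    if "scripting" in apis and hosts & ALL_SITES:
        out.append("can inject scripts into any page")
    return out


def escalation(old, new):
    """Capabilities present in the new version but absent from the old."""
    before = findings(old)
    return [f for f in findings(new) if f not in before]


# Constructed sample manifests (not the real extension's files).
V1 = {"manifest_version": 3, "version": "1.0",
      "permissions": ["proxy", "storage"]}
V2 = {"manifest_version": 3, "version": "1.1",
      "permissions": ["proxy", "storage", "tabs", "scripting"],
      "host_permissions": ["<all_urls>"]}

if __name__ == "__main__":
    for gained in escalation(V1, V2):
        print("update adds:", gained)
```

To audit a real extension, load the `manifest.json` of the version that was originally reviewed and of the version currently installed with `json.load` and pass both to `escalation`.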
Users who installed FreeVPN.One are advised to remove the extension immediately, as the data collected could already be circulating on data broker sites. Experts recommend using a reputable, audited VPN service instead of free tools that come with hidden costs. It is also advised to run a trusted antivirus scan and to check whether personal passwords have been exposed in past data breaches. The FreeVPN.One case serves as a cautionary tale about the risks of ‘free’ software and the importance of maintaining a strong cybersecurity posture.