- FreeVPN.One’s alleged privacy breach involves unauthorized webpage snapshots.
- Over 100,000 users potentially affected by the breach.
- Highlighted risks of using closed-source browser extensions.
FreeVPN.One, a Chrome extension, covertly captured website screenshots from over 100,000 users, violating privacy without warning. This activity was detected by Koi Security in July 2025.
The incident highlights risks tied to closed-source extensions, affecting trust in Google’s oversight and impacting privacy measures within the browser ecosystem.
FreeVPN.One, a Chrome browser extension, faced allegations of spying on users. Security firm Koi Security identified and exposed the extension’s unauthorized activity of taking “snapshots” of visited websites. This raised major privacy concerns for over 100,000 users.
The developer of FreeVPN.One remains anonymous, providing no response to allegations. The extension, which once carried Google’s “Featured” badge, secretly collected user information. Koi Security’s Lotan Sery spearheaded the investigation into these alleged privacy breaches.
“After extensive analysis, we discovered that starting in July 2025, FreeVPN.One silently started taking screenshots of every site users visited, uploading them without any user warning or opt-in. This is among the most serious Chrome extension privacy breaches to date.” – Lotan Sery, Security Researcher, Koi Security
Security Concerns Arise
Industry Impact and Future Measures
Regulatory discussions may ensue about strengthening extension oversight. Past breaches, like the January 2025 extension delisting, echo ongoing security challenges. The incident serves as a reminder of persistent privacy risks and the necessity for robust digital safeguards.
