Free Chrome VPN Extension Leave Users Exposed -A Research Reveal this Vulnerability


Free Chrome VPN Extension Leave Users Exposed: A virtual private network is one such tool that offers privacy protection to users; besides a variety of other services such as IP masking, content unblocking, and others. Because of the popularity of VPNs, there is a range of such services available now, both free and paid. People are more drawn towards the free stuff; therefore, the number of free VPNs have increased by leaps and bounds.(also see, What Are the Security Features Of NordVPN?)

Whereas premium VPN Chrome extensions have a registration fee as well as a monthly fee, free VPNs don’t cost anything. People can sign up and start using the application on their phone or computer.

Get 68% off NordVPN (drops the price down to $3.71 per month)
(Discount is applied automatically)

Free Chrome VPN Extension Leave Users Exposed

There’s No Such Thing As Free

When a VPN doesn’t charge money from customers, it is surely making money by selling customer data to advertising partners because free VPNs are always ad-supported.

Recently, there has been another case that highlights how unsafe free VPNs are. Instead of protecting your data, they make you more vulnerable to external threats. The latest research has found that several free VPNs are leaking DNS queries and exposing the Internet activities of the user to the ISP

The research was conducted by ethical hacker and security researcher John Mason, who provided a detailed study involving seventeen different VPN services that work as Chrome browser extensions. Ten of those VPNs, all of them free, have been found to leak data.

What are DNS queries?

They refer to requests your computer makes to the Internet for the websites you want to visit. In the typical case, a VPN is supposed to cloak such queries.

But the research has revealed that the browser extensions have been leaking the data because of a Chrome function called DNS prefetching. This function is intended to help websites load faster by making Chrome prefetch domain names that appear in the hyperlinks that come up in the browser.

For example, when Chrome comes across a Google search result page, the browser extracts the domain name from each hyperlink and assign each of them to an IP address.

A Difficult Issue

What Mason has discovered is that various of the VPN Chrome extensions studied have failed to mask this prefetching function, exposing DNS queries to an ISP. Since the study was published, a few of the VPNs mentioned have fixed the problem, but not all of them seem to bother about the leak. One of the VPNs studied in the research, Hola VPN, doesn’t intend to change anything.

In response, Hola has stated that it is primarily a content unblocker; used by those who want an open view of video content from other countries. For example, people in the US who want to view Netflix UK can use Hola VPN. Those who don’t want an unblocking service and only seek privacy protection should use a different VPN. That’s the reason before purchasing a VPN; people must look deeper into the types of services they provide.

Mason again studied the VPNs included in the research after they claimed to have fixed the issue and found that the problem persists. It means that to provide complete security to users; these VPNs would need to change the way they operate, which they aren’t willing to do.

Conclusion -Free Chrome VPN Extension Leave Users Exposed

Subsequently, the only choice for people right now is to choose only genuine VPNs that have had a long run in the industry. By avoiding free VPNs and choosing reliable paid services; users can minimize the risk and protect their data online. You may also check, How to Install ExpressVPN Chrome Extension?


  1. When it comes to your own privacy $50 or so a year on a premium VPN provider is not that much money. You get a lot for what u pay! Free extension are just exploiting you. Be aware what you are using it for


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.