Chrome VPN Extension with 100k Installs Screenshots All Sites Users Visit

Posted4 months agoActive4 months ago

theapache64

39 points

9 comments

cyberinsider.comSecuritystory

heatednegative

Debate

80/100

VPN SecurityChrome ExtensionsOnline Safety

Key topics

VPN Security

Chrome Extensions

Online Safety

A Chrome VPN extension with 100,000 installs was caught secretly screenshoting every site its users visited, sparking a heated debate about the validation process for browser extensions. Commenters pointed out that while the source code is technically available for inspection, it's often minified and obfuscated, making it nearly impossible for non-experts to detect malicious behavior. Some users called for reporting the extension to the Chrome store en masse, while others expressed skepticism about Google's willingness to take action, with one commenter cynically lumping it in with the "rest of the Google app store malware." The incident highlighted the importance of carefully reviewing browser extension permissions, as users often misunderstand the implications of granting certain permissions.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

38m

Peak period

2-4h

Avg / period

1.8

Key moments

01Story posted
Aug 27, 2025 at 3:42 PM EDT
4 months ago
Step 01
02First comment
Aug 27, 2025 at 4:20 PM EDT
38m after posting
Step 02
03Peak activity
3 comments in 2-4h
Hottest window of the conversation
Step 03
04Latest activity
Aug 28, 2025 at 9:50 PM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (9 comments)

Showing 9 comments

bix6

4 months ago

2 replies

How are people validating extensions these days? Obviously you can run none but if you want to use one is there an easy way to verify it?

loa_in_

4 months ago

1 reply

The source is part of the package, at worst minified, obfuscated, pulling code from external sources. You can inspect it yourself by unpacking the extension installation package and browsing the JavaScript.

bix6

4 months ago

So what you read every line of JavaScript? Or you have some tool for that? I personally can’t imagine catching every potential issue, especially something sneaky, from source.

rKarpinski

4 months ago

> is there an easy way to verify it?

No, because they don't enforce their rules against obfuscation.

Even if there was it wouldn't help you - extensions regularly get sold to scammers who can push whatever update they want. I documented an extension with a few hundred thousand install base, that got sold and turned into malware. Overnight went from tens of lines of code un obfuscated to 10k+ lines obfuscated. Then they flooded the extensions review pages with fake reviews to burry complaints. I got a ticket open thru a contact which to Google's credit they investigated but they decided it wasn't violating enough policies to take any action.

ElijahLynn

4 months ago

2 replies

This needs to be reported to Chromestore, en masse.

rs186

4 months ago

And Google will do nothing about it.

thrown-0825

4 months ago

just put it in the pile with the rest of the google app store malware.

azalemeth

4 months ago

Behind! The online safety act makes netziens safer again!

selinkocalar

4 months ago

This is why browser extension permissions are so important. Users see "VPN" and think privacy, but this extension was doing the exact opposite. 100k installs means this was happening at scale for months or years. Browser stores need better security screening for extensions, especially ones that claim to protect privacy. Always read extension permissions carefully. If a VPN needs access to all your browsing data, that's a red flag.

View full discussion on Hacker News

ID: 45044149Type: storyLast synced: 11/20/2025, 6:56:52 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN