That free VPN Chrome and Firefox extension may be reading your clipboard
every half a second, researchers warn
Date:
Wed, 01 Jul 2026 13:22:10 +0000
Description:
Researchers at Socket found two "VPN Go" browser extensions for Chrome and Firefox that posed as free VPNs while quietly stealing clipboard data through later updates.
FULL STORY ======================================================================
- Researchers found "VPN Go" extensions for Chrome and Firefox secretly harvesting copied text
- The clipboard theft was not there at launch and arrived through a later update
- Anything copied while the extension was active should now be treated as exposed

Security researchers at Socket found that two browser extensions distributed under the "VPN Go: Free VPN" branding, one listed on the Chrome Web Store and one on Firefox Add-ons, secretly harvest copied text.
Both present themselves as free VPN tools with working proxy features. Underneath, Socket says, both also run a clipboard stealer that continuously watches copied text and sends it to infrastructure controlled by the attacker.
According to Socket, the clipboard theft was not present when the extensions first appeared. It was added later, through an ordinary-looking update, after the extensions had already built up a base of trusting users. That staged approach is exactly what makes this kind of threat so hard to spot, and why even a fairly cautious user can end up exposed.
For anyone weighing up a no-cost privacy tool, it is worth knowing that not every free option behaves like this, and the best VPN services are tested precisely so you do not have to take this kind of gamble. But this case shows how thin the line can be between a useful free extension and a data-harvesting one.

What Socket's research uncovered
Socket says the earliest analyzed builds behaved like ordinary proxy extensions, with no confirmed clipboard theft.
On Chrome, that changed with version 1.1, when the extension added a script that reads the clipboard and ships the captured text off in chunks to a hardcoded address. The Firefox version followed the same path slightly later, moving the same theft loop into its background script.
Once active, the monitoring is relentless. The Chrome content script checks the clipboard roughly every half a second, according to Socket's analysis, while the Firefox build polls every 1.5 seconds.
Each newly copied value is tagged with a session identifier so it can be reassembled on the other end, then sent out over plain HTTP. All of this was happening while the two apps' privacy policies stated that the tools did not collect, store, or share user data and did not keep activity logs.
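An added example, not code from Socket's report or from the extensions: a reviewer's check that compares two releases of an extension and reports what the update introduced, including clipboard reads, timers in the same file, and plain-HTTP endpoints like those described above. Both sample releases are constructed, and the `clipboardRead` permission in the sample is an assumption, since the article does not say which permissions the extensions requested.

```javascript
// Added example: audit what an extension update introduced (samples are constructed).
const CLIPBOARD_READ = /navigator\.clipboard\.readText\s*\(|execCommand\(\s*['"]paste['"]\s*\)/;
const TIMER = /set(?:Interval|Timeout)\s*\(/;
const PLAIN_HTTP = /['"`]http:\/\/[^'"`\s]+/;

// Collect every content and background script a manifest declares (MV2 and MV3).
function listScripts(manifest) {
  const content = (manifest.content_scripts || []).flatMap((cs) => cs.js || []);
  const bg = manifest.background || {};
  return new Set([...content, bg.service_worker, ...(bg.scripts || [])].filter(Boolean));
}

// Report capabilities present in newVer that were absent from oldVer.
function auditUpdate(oldVer, newVer) {
  const findings = [];
  const oldPerms = new Set(oldVer.manifest.permissions || []);
  for (const p of newVer.manifest.permissions || []) {
    if (!oldPerms.has(p)) findings.push(`new-permission:${p}`);
  }
  const oldScripts = listScripts(oldVer.manifest);
  for (const file of listScripts(newVer.manifest)) {
    const src = newVer.files[file] || '';
    const before = oldVer.files[file] || '';
    if (!oldScripts.has(file)) findings.push(`new-script:${file}`);
    if (CLIPBOARD_READ.test(src) && !CLIPBOARD_READ.test(before)) {
      findings.push(`clipboard-read-added:${file}`);
      // File-level heuristic: a timer in the same file suggests polling.
      if (TIMER.test(src)) findings.push(`timer-near-clipboard-read:${file}`);
    }
    if (PLAIN_HTTP.test(src) && !PLAIN_HTTP.test(before)) findings.push(`plain-http-endpoint:${file}`);
  }
  return findings;
}

// Constructed samples: a proxy-only release, then an update adding a content script.
const v1_0 = {
  manifest: { permissions: ['proxy', 'storage'], background: { service_worker: 'bg.js' } },
  files: { 'bg.js': 'chrome.proxy.settings.set({ value: cfg, scope: "regular" });' },
};
const v1_1 = {
  manifest: {
    permissions: ['proxy', 'storage', 'clipboardRead'],
    background: { service_worker: 'bg.js' },
    content_scripts: [{ matches: ['<all_urls>'], js: ['cs.js'] }],
  },
  files: {
    'bg.js': v1_0.files['bg.js'],
    'cs.js': "const SINK = 'http://collector.invalid/c';\n" +
      'setInterval(() => navigator.clipboard.readText().then(queue), 500);',
  },
};
console.log(auditUpdate(v1_0, v1_1));
```

A finding here is a prompt for manual review of the changed file, not proof of theft; legitimate extensions also add content scripts and clipboard features in updates.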
TechRadar has reached out to VPN Go for comment, but both email addresses bounced, and both extensions have since been pulled from their stores.

Why clipboard stealers are dangerous for users
The reason clipboard theft is so effective is that it abuses something completely routine. People copy and paste sensitive information all day, and it's not careless to do so. Password managers rely on exactly that: copying long, unique passwords into your accounts.
An extension that can silently read the clipboard has access to all of this information; it just has to wait for you to copy the right thing. If you have used either of the two extensions in question, you should treat any information you've copied during that time as exposed.
Researchers have repeatedly found free VPN extensions doing things their
users never agreed to. Recent reporting has covered a free Chrome VPN extension caught taking screenshots of every page its users visited, and a malicious free VPN extension that resurfaced after being removed, returning
in a more evasive form.
The pattern is consistent enough that it is worth treating any unknown free VPN extension with caution by default. That caution matters: TechRadar's own polling found that nearly 1 in 4 readers use free VPNs despite knowing the risks.

How to stay safe
If you want the protection a VPN offers without rolling the dice, stick to providers with a track record and independent testing behind them.
A reputable paid service, or one of the carefully vetted best free VPN options, is a far safer bet than an unknown extension promising unlimited access for nothing. As the saying goes, when the product is free, there is a decent chance that you are the product.
======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/that-free-vpn-chrome-and-firefox-extension-may-be-reading-your-clipboard-every-half-a-second-researchers-warn
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)