Your IP:
Your Location:
Your Status:
VeePN Blog Blog
  • VPN Apps
    • Desktop / Mobile
    • Windows
    • MacOS
    • Linux
    • iOS
    • Android
    • Devises
    • Smart TV
    • Fire TV
    • Android TV
    • Apple TV
    • Router
    • Gaming
    • Xbox
    • PlayStation
    • Extension
    • Chrome
    • Firefox
    • Edge
    See All Apps
  • VeePN Antivirus
  • Features
    • VPN Servers
    • Double VPN
    • No Log VPN
    • Kill Switch
    • NetGuard
    • Extra Features
    See All Features
  • What Is a VPN?
    • Remove Blocks
    • Access Content
    • Unblock Websites
    • VPN for Gaming
    • Stream Media
    • Stream Music
    • VPN for Netflix
    • VPN for ChatGPT
    • Protect Your Data
    • Internet Privacy
    • Anonymous IP
    • Conceal Identity
    • Prevent Tracking
    • Save Money
    • Browse Safely
    • Online Security
    • VPN Encryption
    • What Is My IP?
    • Hide Your IP
    How Does a VPN Work?
  • Pricing
  • Help
  • en
    EN
    • Deutsch Deutsch
    • Español Español
    • Français Français
    • العربية العربية
    • Indonesia Indonesia
    • Italiano Italiano
    • 한국어 한국어
    • Nederlands Nederlands
    • Polski Polski
    • Português Português
    • Türkçe Türkçe
    • 简体中文 简体中文
    • ไทย ไทย
    • Tiếng Việt Tiếng Việt
    • Čeština Čeština
    • فارسی فارسی
    • Română Română
    • Filipino Filipino
    • 日本語 日本語
Get VeePN

VeePN Browser Extensions: Results from Independent Audit about Robust Security

Conspiracy
Mar 23, 2023
3 min read
Promo Secure your digital life with VeePN
  • Privacy on any Wi-Fi
  • No data and speed caps
  • One account, 10 devices
  • 2 500+ servers in 89 locations
Get VeePN Now
Get the week’s best marketing content

General Information about Audit

VeePN covers more than 2500 servers and 50 locations. It intends to provide an exclusive connection speed. It enables you to surf the Internet effortlessly. There is no need to worry about bandwidth limits. VeePN makes every effort to ensure you have the fastest Internet experience.

VeePN wants to say that it is proud to present the results. VeePN Corp. requested to carry out a security assessment in February 2021 and then was quickly scheduled. A white-box approach was selected for this assessment. This enables a maximum possible breadth and depth of coverage. A team of two senior testers was provided by Cure53 to carry out an assessment. Cure53 was granted access to the uncompressed sources of Chrome and Firefox extensions with all other necessary information, test user accounts, etc.

Preparation for Assessment

VeePN Corp. performed all the needed preparations the week before the assessment to provide a smooth start for the Cure53 testing team. The process moved forward at a good pace. Communication was carried in an allotted and shared Slack channel which connected the workspaces of VeePN Corp. and Cure53. Noteworthy roadblocks were not discovered during the test.

Results of Test

The Cure53 team reported only three security-relevant discoveries. Two of them can be classified as security vulnerabilities, and the third is simply a general weakness with lower exploitation potential. One of the discoveries was given a “High score” because it led to a classic information leak in the Squid proxy error page. This is the most widespread discovery for VPN and proxy software setups.

Recommendations to Remove the Identified Vulnerabilities

For the “User-information leaked in Squid default error page” vulnerability, it is advised to modify the generic Squid error page and remove all user-related information.

For the “Auto-Protect feature bypass via domain trimming” vulnerability, it is advised to remove the code path. This guarantees that the WebExtension tunnels the domain, which was added by the user.

For the “XSS in pop-ups via server status code” vulnerability, it is advised to replace the innerHTML property with a secure option like innerText. This enables the display of the error to the user without risking displaying unintended HTML tags.

Note that all vulnerabilities were addressed and fixed during the assessment.

Brief Conclusion

The general impression about Firefox and Google Chrome VeePN WebExtension is very positive. All issues reported via Slack were immediately addressed by the VeePN team. All the fixes have been verified. The low number of findings means that the Cure53 team can conclude this project (carried out in spring 2021) with excellent outcomes for the VeePN Corp.

VeePN Corp. wants to thank Cure53 for their assessment and pleasant collaboration. Both Cure53 and VeePN teams carried excellent project coordination, support, and assistance before and during the assessment.

The VeePN Browser Extension is in the proper direction concerning its security design. The most widespread browser proxy mistakes have been successfully shunned with the help of good design and implementation decisions. WebExtensions can be regarded as an advantage of a strong security model.

Written by Conspiracy
Promo
Knowledge is power,
VeePN is freedom
Get VeePN Now
Keep your personal data private.
Protect yourself with VeePN
Get VeePN Now Learn More
Related Posts
Is Exodus Wallet Safe
Cryptocurrency 9 min read

Is Exodus Wallet Safe? Security Features, Risks & What Users Say

Oliver Bennett
May 9
Related Posts
Is Exodus Wallet Safe
Cryptocurrency 9 min read

Is Exodus Wallet Safe? Security Features, Risks & What Users Say

Oliver Bennett
May 9
What Is A VPN Gateway
Uncategorised 10 min read

What Is a VPN Gateway and How Does It Work 

VeePN Research Lab
May 8
Does VPN Drain Battery
Good to know 13 min read

10 Key Benefits of IoT for Consumers and Businesses

VeePN Research Lab
May 8

How about protecting your data and saving 78%?

All-in-one privacy protection:

  • description iconNo data breaches
  • description icon24/7 monitoring

Security bundle

breach alert icon

Breach Alert

+
antivirus icon

Antivirus

+
alternative id icon

Alternative ID

limited offer icon Limited Offer
timer icon

Offer ends in:

24:00:00
- 78%

money-back guarantee icon 30-day money-back guarantee

Claim this offer
Want to read more like this?
Get the latest news and tips from VeePN.
We won’t spam, and you will always be able to unsubscribe.
VeePN
Products
  • Windows PC VPN
  • VPN for macOS
  • Linux
  • iOS
  • Android
  • Chrome
  • Firefox
  • Edge
General
  • What Is a VPN?
  • VPN Software
  • Features
  • Pricing
  • Student Discount
  • Servers
  • Blog
Help
  • Support Center
  • Contact Us
  • Privacy Policy
  • Terms of Service
  • Warrant Canary
Benefits
  • Access Content
  • Internet Privacy
  • Online Security
  • Anonymous IP
  • VPN for Gaming
  • Prevent Tracking
Tools
  • What Is My IP?
  • Hide Your IP
Countries
  • US VPN
  • UK VPN
  • Canada VPN
  • Turkey VPN
Earn Money
  • Affiliates
visa
mastercard
bitcoin
paypal
american express

© 2025 VeePN Corp. Services provided by VeePN Corp., Panama. Payments & transactions partners: Laraun Limited (Cyprus) and IT Research LLC (USA).