Independent auditors from leading company Cure53 confirmed that the ExpressVPN browser extension for Chrome and Firefox is safe as it protects “against the majority of serious threats.”
ExpressVPN is arguably the most proactive among the best VPN companies on the market when it comes to subjecting its service to external auditing. This is the 19th time the provider has undergone a third-party audit since 2018. Specifically, this is the second security assessment of its VPN browser extension—the first was conducted in 2022.
How was the ExpressVPN browser extension tested?
Experts at Cure53 have taken a close look at the VPN infrastructure to ensure that the ExpressVPN browser extension will work as promised starting in June 2024.
Specifically, the auditors applied a white-box testing approach and conducted penetration testing and source code audits to evaluate the security offered by the ExpressVPN browser extension. The test lasted six days.
Part of the analysis focused on the potential for a malicious extension to exploit the communication channel – the VPN browser extension – to take control of the virtual private network (VPN).
Did you know?
In addition to a secure VPN browser extension and dedicated apps for all devices, ExpressVPN also offers a fast built-in VPN router, ExpressVPN Aircove. Experts at Cure53 reviewed its security and privacy features ahead of its 2022 launch and received an overall “positive impression.”
“Fortunately, the review returned a positive result as no such vulnerabilities were identified,” Cure53 wrote in its assessment report, adding that no misconfigurations were found within the software either.
The audit found only two minor issues – one rated as a medium severity vulnerability and one as a general weakness – that were directly related to the feature that obscures your actual location.
Cure53 suggested ExpressVPN fix these issues to strengthen “the VPN extension’s already robust security posture,” but confirmed that both vulnerabilities have low exploit potential.
“The total number of findings identified during this engagement was very low, which can certainly be seen as a positive sign regarding the security of the VPN browser extension under investigation,” the report states. “All in all, Cure53 would like to congratulate the ExpressVPN team on their excellent work.”
Regular independent testing of VPN products has become the industry standard – a way for privacy-focused providers to back up their claims with hard facts. Ultimately, it’s about getting people to look beyond marketing gimmicks and use a truly secure VPN service.
We test and review VPN services for legal recreational use. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protect your online security and strengthen your online privacy abroad.
We do not support or condone the illegal or malicious use of VPN services. The consumption of paid pirated content is neither supported nor condoned by Future Publishing.