ExpressVPN Browser Extension Gets Audited
ExpressVPN’s browser extension passed an independent audit by security firm Cure53. This is the second successful audit for the browser extension, and ExpressVPN has conducted 19 security audits for its apps, protocols, and more. The repeated audits continuously prove the security of all of its apps and tools.
The browser extension lets you connect to a VPN through your browser rather than through the app. This is helpful in regions where you can’t access the app or when you need a VPN specifically to protect your browser. Note that using both the browser extension and desktop app at once clashes, so users won’t need both at once.
The report praised ExpressVPN for having a secure app with well-implemented security features that protect the company and users from threats. ExpressVPN’s transparency was also praised by auditors, especially its commitment to maintaining its no-logs policy.
A no-logs policy prevents anyone, including the company, from storing sensitive customer data.
“The overall number of findings made during this engagement was very small, and this can certainly be interpreted as a positive sign in regards to the security of the inspected VPN browser extension,” Cure53 reported. “All in all, Cure53 would like to congratulate the ExpressVPN team on their excellent work.”
There were two dangers that Cure53 highlighted for ExpressVPN to fix. ExpressVPN promptly fixed the two low-concern security threats before threat actors could take advantage of them.
“The way the development team has adhered to best practices for browser extension development is commendable,” Cure53 said. “This focus on secure coding principles, coupled with the implementation of robust input validation measures, significantly reduces the likelihood of successful attacks.”
ExpressVPN explained in a blog post that despite having passed its audit, the company will continue focusing on delivering the safest cybersecurity products on the market and keep improving their defenses. In addition, the VPN also pledged to continue maintaining its no-logs policy.
React to this headline: