Warning: These VPN extensions for Chrome leak your DNS

Madalina Dinita
by Madalina Dinita
Former Managing Editor
Download PDF
Affiliate Disclosure

  • There are plenty of Chrome extensions out there that can leak your DNS to third parties.
  • When that happens, you should either remove the extensions or get a VPN service.
  • For more articles on similar topics, check out the Privacy section of our website.
  • Learn about VPN tools by looking at the guides from our VPN Hub.
chrome vpn extensions leak DNS

Recent reports confirmed that many VPN tools actually leak your IP address to third-party entities. We recently came across a new security report that suggests things are even worse when it comes to Chrome VPN extensions.

As a matter of fact, a whopping 70% of all the tested extensions leak your DNS.

Security researcher John Mason and ethical hacker File Descriptor tested 15 VPN services and found out that 10 of them actually leak your DNS through their browser extensions.

A VPN that doesn’t leak your IP or DNS – Private Internet Access

Since you can’t rely on extensions too much, you will either have remove them or go for a full-fledged VPN service. Whichever you may choose, Private Internet Access is a go-to solution.

This VPN service is owned by Kape Technologies, and it is backed up by 3300 servers in 46 different countries, allowing unparalleled access to all geo-restricted content.

The VPN is extremely easy to use, to the point where it can be considered easier to manage than an actual browser extension.

Your connection will remain secure thanks to the encryption, and you won’t have to worry about common VPN-related issues, such as latency or limited bandwidth.

Private Internet Access

Private Internet Access

A reliable VPN service that is easier to use than a browser extension that offers full security features. Now at a discount price for a limited time only!
$2.85/mo. Buy now

As John Mason explains, Chrome uses DNS Prefetching to reduce website loading latency by predicting what websites you’re going to visit.

Chrome provides users with two modes to set up proxy connections after installing a VPN extension: fixed_servers and pac_script.

The majority of VPN extensions use the pac-script mode. However, this mode allows dynamic HTTPS/SOCKS proxy server host changes. Up to a certain point, this is a good thing as it optimizes the VPN connection depending on what websites users choose to visit.

So, if you use your extension to play games, the script will select a proxy server that’s optimized for playing games.

However, this behavior leaves users vulnerable to DNS leaking. Certain webpage might force visitors to leak DNS requests.

In other words, when you type a website address in the address bar, the suggested URL is actually DNS prefetched. This means that ISPs can then collect this information about the websites that you often visit even if you use a VPN extension.

The list of VPN extensions affected by DNS leaks includes: Hola VPN, TunnelBear, Betternet, Ivacy VPN, DotVPN and more.

Private Internet Access is on the list of VPNs that are not leaking your DNS.

You can mitigate this DNS leak problem by disabling the predictive service from Chrome‘s Settings.

disable predictive service google chrome

DNS leaks may severely affect your online privacy and security. To keep your DNS protected, you can also use DNS Server on your PC, or use a DNS protection tool such as DNS Lock.

FAQ: Learn more about DNS leaks

  • How do I check for a DNS leak?

Visit the dnsleak.com website and perform a test. The results will let you know of any issues. If you do find any, follow these steps to avoid leaks from your browser.

  • Why is my DNS server unavailable?

Bad DNS and IP settings can result in you not being able to connect to the DNS server. When that happens, follow the fixes listed in this article.

  • How do I fix a DNS leak?

The simplest way to fix it is by using a VPN client with protection against DNS leaks.

Editor’s Note: This post was originally published in April 2018 and has been since revamped and updated in May 2020 for freshness, accuracy, and comprehensiveness.