User privacy and online security lie at the heart of ExpressVPN’s service. Our users trust and rely on us to protect their privacy and uphold best-in-class security standards. To do so, we regularly evaluate our systems through internal tests and commission independent third-party audits to ensure our privacy safeguards remain robust and transparent.
We’re happy to announce that cybersecurity firm Cure53 has completed its second assessment of our browser extension for Chrome and Firefox. The audit, which took place in June 2024, reaffirms the security of our browser extension.
We are pleased to share that Cure53’s findings were very positive. The report commends our browser extension for its “well-implemented security measures, which protect against the majority of severe threats.”
“The overall number of findings made during this engagement was very small, and this can certainly be interpreted as a positive sign in regards to the security of the inspected VPN browser extension,” Cure53 wrote in its report. “All in all, Cure53 would like to congratulate the ExpressVPN team on their excellent work.”
The report identified only two issues, one of “medium” severity and one miscellaneous. Both were classified as having low exploitation potential and have since been addressed. The fixes were verified by Cure53 again in a re-test conducted in July 2024.
The report concludes that the extension’s design prioritizes a minimal attack surface, which reduces potential avenues for exploitation. It also notes that “the way the development team has adhered to best practices for browser extension development is commendable. This focus on secure coding principles, coupled with the implementation of robust input validation measures, significantly reduces the likelihood of successful attacks.”
Read Cure53’s full audit report.
Industry-leading trust and transparency efforts
This audit further solidifies ExpressVPN’s position as the industry’s most transparent provider, with a total of 19 independent third-party audit reports published to date. This is just one of the many ways we continue to uphold our commitment to transparency and accountability.
Recently, ExpressVPN also published our second transparency report which details user data requests received by our legal department. Complementing this report is KPMG LLP’s completion of an audit verifying ExpressVPN’s privacy policy claims, assuring users that we continue to uphold our strict no-logs policy—this means no user data can or will be collected. These reports demonstrate our ongoing dedication to protecting our users’ online privacy and maintaining their trust through transparency.
Protect your privacy with the best VPN
30-day money-back guarantee
We take your privacy seriously. Try ExpressVPN risk-free.
What is a VPN?
