Security Flaw in Urban VPN's Chrome Extension Allows Full Control via 'Toad' Command

A security vulnerability in Urban VPN’s Chrome extension allowed any website to execute arbitrary commands by sending a specially crafted postMessage containing the word "toad." This flaw granted attackers full control over the VPN’s functionality. The issue was identified in the extension’s handling of inter-window communication. The vulnerability affected one of Chrome’s most widely used VPN extensions.