Free VPN extensions are available for popular browsers.
Typically, HTTPS traffic should be safe for traversal through these VPNs ... unless the extension can install additional certificate authorities into the browser and perform SSL/TLS man-in-the-middle attacks.
So, can extensions of browsers (specifically interested in Chrome and Firefox) install additional certificate authorities?