Do I need a VPN when connecting to a public network on my Chromebook?
That’s up to you.
HTTPS will keep your login and web content secure and private, but the owner of the public network (or anyone able to snoop) will be able to see what web server names and IP addresses you connect to.
You should always use a VPN when connecting any device to a public network…
It doesn’t matter if it’s a Windows, Android, iOS, Linux, or Chrome machine, a laptop, cell phone, or tablet etc…
It’s not just your browser that communicates and even then there are protocols that are exposed such as DNS, etc. You also never know if an app is using secure communications or not, and there are plenty of device specific protocols that can be sniffed by a bad actor…
You will be far safer using a VPN, and IMHO, it’s not only a necessity, but a requirement on a public network.
EDIT 1: in fact you should be using a VPN as standard practice if you are not the only user of the WiFi that you connect to (public or not).
EDIT 2: I am genuinely curious what aspect of my advice here has warranted downvotes? This is relatively common advice in security circles… Granted, a VPN is not a 100% defence against everything, but it is a 1000% better than not using one on a public or shared WiFi service…
Is it good enough if I do mobile hotspot and tethering from my phone where I do have a VPN? My phone is also connected to a public WiFi but i do have VPN installed on my phone… Is it safe enough to connect my chromebook to my phoneś hotspot/tethering?
Always a good idea if one can afford the fees. Other benefits includes foreign netflix/hulu & other region specific streaming sites as well.
Any VPN that you guys recommend?
Certainly, this could work, because your phone will encrypt your laptop traffic as well… However, this can be heavy on the phone’s battery 
A VPN is a personal decision, depending on what you want to use it for. However, in general, I recommend a paid solution over a free one.
This is because developers need to make money somehow, and in a free VPN, this is frequently data farming, targeted advertising, etc… which can compromise the integrity of the service. What you have to remember is, that they will have access to your every move on the internet, and the fewer logs that they keep, the better!
Personally, I have used Private Internet Access (PIA), Nord VPN, TunnelBear, amongst others. Some (like TunnleBear) have a limited use free tier that may suit your needs, and that is better that a 100% free service. Also do an internet search on the reputation of any VPN you consider, as many that you will find, especially on the Android store for example, can be a bit suspect.
I used Google One VPN, Windscribe, and protonVPN. Beyond these three I don’t really trust others… Windscribe you can get for $2 per month if you do the build a option.
I don’t trust PIA and all those other random ones because they are all owned by each other and they go to great lengths to buy sites or pay to be “#1” VPN on random sites. They also own most of those ranking sites… Like the people who own PC magazine and give out those VPN editor choices actually own a lot of those well advertised VPN.
Here’s one I don’t recommend if you torrent regularly: NordVPN. Yes, the price is right, there are a user friendly Chrome extension and Android app available, but no port forwarding.
For web browsing though I have no complaints.
I think PIA has a shady past. Nord definitely gave me the wrong vibes, so I left them. ExpressVPN is a no now. Proton seems like the best choice for now in my humble opinion.
PIA’s only crime was being bought by a company that had a bad PR issue over privacy… They gave a ton of assurances, transparent external auditing of their service, and have not put a foot wrong in over a year since…
Personally, I loved their service, privacy oriented outlook, & App… It just didn’t cut it for streaming… (Especially the BBC)
And the Proton email scandal of the other week?
This is where they broke their no logs promise, started logging certain users IP and data at the request of the Swiss government, handed those details over, and people were arrested…
Now, I’m not judging whether these people deserved it or not… Just the integrity of a service that heavily promoted integrity, no logs, and shouted privacy first!
Way worse than PIA being bought out by a company that once made a mistake, and is pushing hard to reassure its clients that they learned from that mistake, with transparent auditing etc.