A popular Google Chrome extension, Urban VPN Proxy, with millions of users and a "Featured" badge, has been caught silently collecting and exfiltrating private conversations from various AI chatbots. The extension, advertised as a secure VPN, was updated to include code that intercepts prompts and responses from platforms like ChatGPT, Gemini, and Claude, raising significant privacy concerns.

Key Takeaways

• Urban VPN Proxy, a Chrome extension with over 6 million users, was found to be harvesting AI chat conversations.

• The data collection began with version 5.5.0, released in July 2025, and operates by injecting scripts into AI platforms.

• The extension captures prompts, responses, timestamps, and session metadata, sending it to Urban VPN's servers.

• This data is allegedly shared with BiScience, a data broker affiliated with Urban VPN's parent company.

• Other extensions from the same developer also contain similar data-harvesting capabilities, affecting over 8 million users collectively.

Deceptive Data Harvesting

Urban VPN Proxy, boasting a 4.7-star rating and a "Featured" badge on the Chrome Web Store, was found to be actively intercepting user interactions with numerous AI chatbots. These include major platforms such as OpenAI's ChatGPT, Google's Gemini, Anthropic's Claude, Microsoft Copilot, Perplexity, DeepSeek, xAI's Grok, and Meta AI. The extension achieves this by injecting tailored JavaScript "executor" scripts for each AI platform, such as and .

These scripts override critical browser network APIs, including and , to capture all data exchanged between the user and the AI. The collected information includes user prompts, AI responses, conversation identifiers, timestamps, and session metadata. This data is then exfiltrated to remote servers operated by Urban VPN, specifically and .

A Deceptive "AI Protection" Feature

Despite Urban VPN's marketing highlighting an "AI protection" feature, which claims to scan prompts for personal data and warn users, this functionality is misleading. Security researchers found that the data harvesting occurs regardless of whether this feature is enabled or disabled. The "protection" feature operates independently of the surveillance mechanism, meaning sensitive data is collected and sent to Urban VPN's servers even while the extension purports to protect users.

Broader Impact and Affiliations

The issue extends beyond Urban VPN Proxy. Koi Security, the research team that uncovered the breach, identified similar AI data-harvesting functionality in at least seven other extensions developed by the same publisher. These include 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Collectively, these extensions have impacted over eight million users across Chrome and Microsoft Edge. Many of these extensions also carry "Featured" badges, implying an endorsement from Google and Microsoft.

Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience (B.I. Science Ltd.), an Israeli data broker. BiScience has previously been criticized for collecting user browsing history and clickstream data. The harvested AI chat data is reportedly used for marketing analytics and shared with business partners, contradicting claims of not selling data to third parties.

User Alert and Platform Oversight

Security experts are urging users to immediately uninstall Urban VPN Proxy and any other related extensions from the same developer. It is advised that users assume any AI conversations conducted since July 2025 while using these extensions may have been compromised. The discovery also raises questions about the effectiveness of Google and Microsoft's extension review processes, as these extensions, despite violating policies, have retained their "Featured" status.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats, The Hacker News.

• ‘Featured’ Urban VPN caught stealing private AI chats, CSO Online.

• Google Chrome extension with 6 million users caught harvesting ChatGPT, Gemini and Perplexity chats |Technology News, The Indian Express.

• Six Million Users Trusted This Extension Without Knowing What It Records, Cyber Press.

• Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs, GBHackers News.