Betrayal of Trust: “Featured” Urban VPN Extension Caught Stealing Private AI Chat Logs from 8M Users
Browser extensions have long been a familiar way to boost productivity and add useful features, but another incident shows how easily that convenience can become a channel for quietly harvesting sensitive data.
Researchers at Koi Security reported that the Urban VPN Proxy extension for Google Chrome—marked as Featured and installed by approximately six million users—was intercepting conversations with popular AI chatbots. This included prompts and responses from services such as ChatGPT, Claude, Copilot, DeepSeek, Gemini, Grok, Meta AI, and Perplexity. Urban VPN Proxy holds a 4.7 rating in the Chrome Web Store, and the Microsoft Edge add-ons catalog records roughly 1.3 million installations.
According to the report, the data-collection functionality was enabled by default following an update released on July 9, 2025, when users received version 5.5.0. For each AI platform, the extension loaded dedicated JavaScript and injected it directly into chatbot pages.
Once deployed, these scripts replaced the browser’s standard request-sending mechanisms—fetch() and XMLHttpRequest()—so that all traffic was first routed through the extension’s code. This allowed the contents of conversations to be extracted and transmitted to external servers at analytics.urban-vpn[.]com and stats.urban-vpn[.]com.
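One way a diagnostic script can check whether fetch() and XMLHttpRequest in a page still point at browser built-ins. This is an added example, not code from the Koi Security report or from the extension; the names `looksNative`, `auditRequestApis` and the sample page object are assumptions made for illustration.

```javascript
// Added example (not from the report): detect replaced request APIs in a page.
// Capture the built-in toString once so a per-function toString override is ignored.
const nativeToString = Function.prototype.toString;

// A built-in named `name` stringifies as "function name() { [native code] }".
// Proxies and bound functions also print "[native code]" but with an empty
// name, so the expected name must match exactly.
function looksNative(fn, name) {
  if (typeof fn !== "function") return false;
  const src = nativeToString.call(fn).replace(/\s+/g, " ").trim();
  return src === `function ${name}() { [native code] }`;
}

// Request APIs the article says were replaced, with the name each built-in carries.
const REQUEST_APIS = [
  ["fetch", "fetch", (g) => g.fetch],
  ["XMLHttpRequest", "XMLHttpRequest", (g) => g.XMLHttpRequest],
  ["XMLHttpRequest.prototype.open", "open", (g) => g.XMLHttpRequest?.prototype?.open],
  ["XMLHttpRequest.prototype.send", "send", (g) => g.XMLHttpRequest?.prototype?.send],
];

// Returns the labels of APIs that are missing or no longer look like built-ins.
function auditRequestApis(globalObj) {
  return REQUEST_APIS
    .filter(([, name, get]) => !looksNative(get(globalObj), name))
    .map(([label]) => label);
}

// Constructed sample: a page-like object whose request APIs are all
// script-defined functions, as they would be after being swapped for wrappers.
function constructedHookedPage() {
  function XMLHttpRequest() {}
  XMLHttpRequest.prototype.open = function open() {};
  XMLHttpRequest.prototype.send = function send() {};
  return { fetch: function fetch(...args) { return Promise.resolve(args); }, XMLHttpRequest };
}

// In a browser console or page script, pass `window` instead of the sample.
console.log(auditRequestApis(constructedHookedPage()));
```

Monitoring SDKs and other extensions also wrap these APIs, so a hit is a prompt to review what is installed rather than proof of interception. A clean result is only a weak signal, because a script that runs earlier in the page can replace `Function.prototype.toString` as well.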
The collected data reportedly included user prompts, chatbot responses, conversation identifiers and timestamps, session metadata, as well as information about the AI platform and model in use. Urban VPN’s updated privacy policy dated June 25, 2025, states that such data is gathered for Safe Browsing purposes and marketing analytics, with assurances of anonymization. At the same time, the company concedes that it is not always possible to completely prevent sensitive information from being captured within user queries.
The report’s authors devoted particular attention to the partners receiving web-browsing data. Among them is the affiliated company BIScience, which specializes in advertising analytics and brand monitoring. Urban VPN’s documentation notes that BIScience uses non-anonymized data to generate commercial insights that are then shared with business partners. The documents also emphasize the connection between BIScience and Urban Cyber Security Inc., the Delaware-registered developer of Urban VPN Proxy.
The extension’s listing advertises an AI Protection feature intended to warn users about personal data in prompts and suspicious links in responses. However, Koi Security observed that the interception and transmission of conversations occurred regardless of whether this option was enabled.
Investigators identified similar AI-dialog interception logic in three additional extensions from the same publisher: 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Collectively, these extensions exceed eight million installations, and most are likewise marked as Featured—creating the impression of heightened vetting by the platforms. The Hacker News has reached out to Google and Microsoft for comment and is awaiting their responses.