Featured VPN Extension Logged Users' AI Conversations
Koi Security reports that Urban VPN Proxy—a Chrome Web Store "Featured" extension with 6 million users (and 1.3 million installs on Microsoft Edge)—silently intercepted and uploaded AI chatbot conversations after its July 9, 2025 update (v5.5.0). The extension targeted major AI platforms including OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity.
Developed by Urban Cyber Security Inc., Urban VPN advertises privacy and identity protection. Nonetheless, the update enabled AI data collection by default via hard‑coded settings.
How the harvesting worked
- A tailored script per platform (e.g., chatgpt.js, claude.js, gemini.js) injected on visit
- Browser request APIs (fetch and XMLHttpRequest) overridden to route traffic through the extension
- Data captured: user prompts, chatbot responses, conversation IDs, timestamps, session metadata, AI platform and model
- Exfiltration to analytics.urban-vpn.com and stats.urban-vpn.com
- Auto-updating extensions meant the change arrived silently for existing users
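A defender's check for the override described in the list above, as an added example (not code from Koi Security's report or from the extension): it reports whether fetch and the XMLHttpRequest open/send methods still look like browser built-ins. The function names, the makeScope helper and the constructed test scope are assumptions made for illustration.

```javascript
// Added example: flag request APIs that no longer look like browser built-ins.
// Keep a reference to the original toString so a later override is not trusted.
const nativeToString = Function.prototype.toString;

// True when the engine prints the "[native code]" stub it uses for built-ins.
function looksNative(fn) {
  try {
    return /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
  } catch {
    return false; // not callable, or a revoked Proxy
  }
}

// Classify fetch and the XMLHttpRequest methods found on a window-like object.
function auditRequestApis(scope = globalThis) {
  const proto = scope.XMLHttpRequest?.prototype;
  const targets = [
    ["fetch", scope.fetch],
    ["XMLHttpRequest.prototype.open", proto?.open],
    ["XMLHttpRequest.prototype.send", proto?.send],
  ];
  return targets.map(([name, fn]) => {
    if (typeof fn !== "function") return { name, status: "absent" };
    return { name, status: looksNative(fn) ? "native" : "replaced" };
  });
}

// Constructed test scope: Math.max/Math.min stand in for genuine built-ins,
// so the logic can be exercised outside a browser (hypothetical helper).
function makeScope(fetchImpl, sendImpl) {
  function FakeXHR() {}
  FakeXHR.prototype.open = Math.max;
  FakeXHR.prototype.send = sendImpl;
  return { fetch: fetchImpl, XMLHttpRequest: FakeXHR };
}

// Stand-in for a script-defined wrapper sitting in front of the real function.
const wrapped = function (...args) { return Math.max(...args); };

// In a browser console on the chat page, print the live result.
if (typeof window !== "undefined") console.table(auditRequestApis(window));
```

A "replaced" status only says that some script swapped the function (page frameworks and monitoring libraries do this too), and a "native" status is a heuristic, not proof that nothing is intercepting requests.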
Privacy policy and data sharing
- Urban VPN’s June 25, 2025 privacy policy says it collects AI prompts and outputs to enhance Safe Browsing and for marketing analytics, claiming de‑identification but acknowledging sensitive data may be processed
- The company lists BIScience—an affiliated ad intelligence and brand monitoring firm that owns Urban Cyber Security Inc.—as a recipient of raw (not anonymized) web browsing data to create commercial insights
- Earlier, an anonymous researcher alleged BIScience provides an SDK that collects clickstream data to domains such as sclpfybn.com, exploiting Chrome Web Store Limited Use policy exceptions by bundling features that justify broader data access
Other extensions implicated
- 1ClickVPN Proxy
- Urban Browser Guard
- Urban Ad Blocker
Koi Security says these extensions exhibit the same AI harvesting behavior, pushing the publisher’s total install base beyond 8 million. Most carry the "Featured" badge, which can reassure users the extensions meet platform standards.
Why it matters
- Trust in Chrome and Edge extension marketplaces—and especially "Featured" badges—can be leveraged to collect sensitive AI chat content at scale. Users increasingly share personal information, seek advice, and discuss emotions with AI tools.
Responses
- Google did not respond to The Hacker News’ request for comment
- Microsoft said it is investigating and will take appropriate action under its policies
What users can do now
- Consider removing or disabling the affected extensions until the behavior is clarified or fixed
- Review extension permissions and recent updates
- If you shared sensitive data in AI chats, consider clearing chat histories and rotating credentials
Source: The Hacker News