
Popular Chrome Extension Exposed for Siphoning Millions of AI Chat Histories

Summary

– A popular Chrome/Edge extension called Urban VPN Proxy, with millions of users, was updated to silently harvest every prompt and response from users’ conversations with major AI chatbots like ChatGPT and Gemini.
– The data harvesting is done by injecting a script that intercepts network requests, capturing prompts, responses, and metadata, and sending them to the extension’s remote servers.
– Despite its privacy policy claiming data is anonymized for analytics, the extension shares raw browsing data, including AI conversations, with an affiliated advertising intelligence firm called BIScience.
– The extension misleadingly promotes an “AI protection” feature that warns about sharing personal data, but the data collection occurs regardless of whether this feature is enabled.
– This issue affects multiple “Featured” badge extensions from the same publisher, totaling over eight million installations, exploiting user trust in platform endorsements to collect sensitive data at scale.

A widely used Chrome extension, bearing the prominent “Featured” badge and boasting millions of installations, has been caught secretly collecting every single prompt and response from users’ interactions with popular AI chatbots. This data harvesting occurs without clear user consent, turning a tool marketed for privacy into a conduit for sensitive information. The extension in question is Urban VPN Proxy, which has amassed over six million users on the Chrome Web Store and an additional 1.3 million on Microsoft Edge.

An update released on July 9, 2025, activated this data collection by default. The extension employs specialized scripts that target specific AI platforms, including ChatGPT, Claude, Gemini, and Copilot. These scripts override fundamental browser functions to intercept all conversation data, which is then sent to remote servers controlled by the developer, Urban Cyber Security Inc. The harvested information includes user prompts, AI responses, timestamps, and even the specific AI model being used.
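For defenders reviewing installed extensions, the following added example (not code from the report or from the extension) audits a `manifest.json` for content scripts that can run on AI chat sites. The hostnames in `AI_HOSTS`, the sample manifest, and the premise that such scripts are declared in the manifest are assumptions; the article does not list domains or file names.

```python
import json

# Assumed hostnames for the chatbots the article names (not listed on the page).
AI_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com"]

def pattern_covers_host(pattern, host):
    """True if the host part of a Chrome match pattern covers `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.example.com" covers the apex and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest):
    """Return one finding per content script that can run on an AI chat host."""
    findings = []
    for index, cs in enumerate(manifest.get("content_scripts", [])):
        matches = cs.get("matches", [])
        hit = sorted({h for h in AI_HOSTS for p in matches if pattern_covers_host(p, h)})
        if not hit:
            continue
        # A pattern that also covers an unrelated host is a blanket match, not targeting.
        broad = any(pattern_covers_host(p, "unrelated.invalid") for p in matches)
        findings.append({
            "index": index,
            "scripts": cs.get("js", []),
            "ai_hosts": hit,
            "targeted": not broad,
            # MAIN world shares the page's JS globals, so page functions can be replaced.
            "main_world": cs.get("world") == "MAIN",
            "document_start": cs.get("run_at") == "document_start",
        })
    return findings

# Constructed sample manifest for illustration; not taken from any real extension.
SAMPLE_MANIFEST = json.loads("""{
  "name": "Constructed Example VPN", "manifest_version": 3,
  "content_scripts": [
    {"matches": ["<all_urls>"], "js": ["ui.js"]},
    {"matches": ["*://*.chatgpt.com/*", "https://gemini.google.com/*"],
     "js": ["hook.js"], "run_at": "document_start", "world": "MAIN"},
    {"matches": ["https://*.example.org/*"], "js": ["other.js"]}
  ]}""")
```

A finding with `targeted` and `main_world` both true is the combination worth manual review first; scripts injected at runtime rather than declared in the manifest will not appear in this check.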

While the extension’s updated privacy policy references this collection for purposes like “Safe Browsing” and marketing analytics, the reality is more concerning. The policy states data is de-identified, yet the company admits it “cannot fully guarantee the removal of all sensitive or personal information.” Furthermore, this raw browsing data is shared with an affiliated advertising intelligence firm named BIScience, which uses it to create commercial insights for business partners. Notably, BIScience also owns Urban Cyber Security Inc. and has previously been accused of collecting user browsing history under misleading privacy disclosures.

Adding a layer of irony, Urban VPN promotes an “AI protection” feature that warns users about sharing personal data with AI companies. Security researchers point out the glaring contradiction: this same extension is simultaneously sending all conversation data, including the sensitive information it warns about, to its own servers. “The extension warns you about sharing your email with ChatGPT while simultaneously exfiltrating your entire conversation to a data broker,” noted Idan Dardikman of Koi Security, which published the report.

This data-harvesting capability was found in three other extensions from the same publisher: 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Most of these also carry the “Featured” badge, a designation meant to signal trust and quality to users. This badge can heavily influence installation decisions, making its presence on these extensions particularly problematic. Combined, these tools represent an install base exceeding eight million users.

The incident underscores a significant vulnerability within browser extension ecosystems. Badges and high ratings can create a false sense of security, allowing malicious actors to exploit user trust at a massive scale. This risk is amplified as people increasingly share personal thoughts, seek advice, and discuss private matters with AI chatbots, creating a treasure trove of sensitive data. The situation highlights how platform policies can be manipulated, with developers allegedly leveraging loopholes to justify excessive data collection as “necessary” for their extension’s function.

(Source: The Hacker News)
