Chrome Extension with 8 Million Users Caught Stealing AI Chats
Urban VPN and related browser extensions secretly harvest conversations from ChatGPT, Claude, Copilot, and other AI platforms, selling data to advertisers.
A popular VPN browser extension with Google's "Featured" badge has been secretly intercepting and selling users' AI chatbot conversations—including sensitive prompts to ChatGPT, Claude, Microsoft Copilot, and other major platforms. The extensions remain available on both Chrome and Edge stores despite the revelation.
The Discovery
Security researcher Idan Dardikman of Koi Security published findings on December 15, 2025, exposing a large-scale data collection operation embedded within Urban VPN Proxy and several related browser extensions.
The scope is staggering: over 8 million installations across the Chrome Web Store and Microsoft Edge Add-ons are affected.
Affected Extensions
| Extension | Platform | Users |
|---|---|---|
| Urban VPN Proxy | Chrome, Edge | 6+ million |
| 1ClickVPN Proxy | Chrome, Edge | ~1 million |
| Urban Browser Guard | Chrome, Edge | ~500,000 |
| Urban Ad Blocker | Chrome, Edge | ~500,000 |
All extensions share the same backend infrastructure and data exfiltration code.
Targeted AI Platforms
The extensions specifically target conversations with eight major AI chatbots:
- ChatGPT (OpenAI)
- Claude (Anthropic)
- Microsoft Copilot
- Google Gemini
- Perplexity
- DeepSeek
- Grok (xAI)
- Meta AI
How the Attack Works
Researchers at Koi Security traced the malicious behavior to a mid-2025 software update. The extension silently activated data harvesting through hard-coded configuration changes, with no user notification or consent prompt.
The attack chain works through browser API manipulation:
- Targeted Injection: When users navigate to AI chatbot sites, the extension loads site-specific scripts designed to monitor those platforms
- Request Hijacking: These scripts intercept outgoing network requests before they reach the AI service, capturing the payload
- Full Conversation Logging: Both sides of the conversation—what users type and what the AI responds—are recorded along with session metadata
- Silent Exfiltration: Collected data streams to Urban VPN's analytics infrastructure for commercial processing
The particularly insidious aspect: there is no way to opt out. Disabling the "AI protection" features or even disconnecting the VPN does not stop the data harvesting. The only solution is complete removal of the extension.
Who Gets Your Data?
The data flows to BIScience, an affiliated advertising intelligence firm. According to researchers, BIScience uses raw (not anonymized) data to create insights that are "commercially used and shared with Business Partners."
BIScience, which also owns Urban Cyber Security Inc., was previously criticized for collecting browsing history under misleading privacy policy disclosures.
The Irony of "Privacy" Tools
The extensions market themselves as privacy and security tools. Urban VPN Proxy's Chrome listing emphasizes protecting users from "hackers and identity thieves." The extension even displays warnings about sharing sensitive information with AI chatbots—while simultaneously exfiltrating entire conversations to data brokers.
From the Koi Security report: "The harvesting feature sends that exact sensitive data—and everything else—to Urban VPN's own servers, where it's sold to advertisers. The extension warns you about sharing your email with ChatGPT while simultaneously exfiltrating your entire conversation to a data broker."
Why This Matters
People share extraordinarily sensitive information with AI chatbots:
- Proprietary business strategies and code
- Personal health questions
- Legal matters
- Financial information
- Creative works in progress
- Private thoughts and concerns
This data, now in the hands of advertising companies, could be used for targeted advertising, sold to unknown third parties, or potentially leaked in future breaches.
Immediate Actions for Users
- Check your browser extensions and remove any from the Urban Cyber Security family
- Review extension permissions for any VPN, ad blocker, or security tools
- Consider browser-based alternatives rather than extensions for VPN functionality
- Audit your AI chat history for sensitive information that may have been exposed
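The first two actions above can be scripted. This Python sketch is an added example, not code from the article or the Koi Security report: it checks an extension's manifest.json against the extension names in the table and reports which AI chatbot sites its content scripts or host permissions cover. The hostnames are assumptions (the article names the platforms, not their domains), and the sample manifests are constructed for illustration.

```python
import json

# Extension names from the table on this page (lower-cased for comparison).
AFFECTED_NAMES = {"urban vpn proxy", "1clickvpn proxy",
                  "urban browser guard", "urban ad blocker"}
# Assumption: the page names the AI platforms, not their hostnames.
AI_HOSTS = ["chatgpt.com", "claude.ai", "copilot.microsoft.com",
            "gemini.google.com", "www.perplexity.ai", "chat.deepseek.com",
            "grok.com", "www.meta.ai"]

def pattern_covers(pattern, host):
    """True if the host part of a Chrome match pattern covers `host`."""
    if pattern == "<all_urls>":
        return True
    if not isinstance(pattern, str) or "://" not in pattern:
        return False               # API permission such as "storage"
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.claude.ai" covers claude.ai and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest):
    """Report name match and which AI hosts the extension can reach."""
    patterns = list(manifest.get("host_permissions", []))   # Manifest V3
    patterns += manifest.get("permissions", [])             # V2 mixes hosts in here
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    name = str(manifest.get("name", ""))
    return {
        "name": name,
        "name_localized": name.startswith("__MSG_"),  # real name is in _locales/
        "affected_name": name.strip().lower() in AFFECTED_NAMES,
        "ai_hosts": [h for h in AI_HOSTS
                     if any(pattern_covers(p, h) for p in patterns)],
    }

# Constructed manifests for illustration; not the real extensions' files.
SAMPLES = [json.loads(s) for s in (
    '{"name": "Urban VPN Proxy", "host_permissions": ["<all_urls>"]}',
    '{"name": "__MSG_appName__", "permissions": ["storage"], "content_scripts":'
    ' [{"matches": ["https://chatgpt.com/*", "*://*.claude.ai/*"]}]}',
    '{"name": "Constructed Notes Helper", "permissions": ["storage"],'
    ' "host_permissions": ["https://example.org/*"]}',
)]

if __name__ == "__main__":
    for m in SAMPLES:
        print(audit_manifest(m))
```

Run it over each manifest.json under the browser profile's Extensions directory. Broad host access is common for VPNs and ad blockers, so a non-empty `ai_hosts` list marks an extension for review rather than proving harvesting.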
The Larger Problem
This incident highlights systemic issues with browser extension security:
- Google's "Featured" badge provided false trust signals
- Extension review processes failed to catch malicious behavior
- Permission models give extensions broad access that users don't fully understand
- Update mechanisms allow benign extensions to become malicious overnight
As of publication, all affected extensions remain publicly available on both Chrome and Edge stores.
Users should immediately remove these extensions and consider what sensitive information may have been exposed through AI chatbot conversations.