It was discovered that AI chats of over 8 million users were being intercepted by Chrome and Edge extensions and sold for profit
Researchers at security firm
8 Million Users' AI Conversations Sold for Profit by 'Privacy' Extensions | Koi Blog
https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
Koi Security researchers were testing whether browser extensions could read conversations on AI chat platforms and discovered that a highly rated extension with millions of installs had the ability to target major AI platforms and eavesdrop on conversations.
The research team's list of 'extensions that intercept chats with AI' topped the list, with Urban VPN Proxy at the top. Urban VPN Proxy is a Chrome extension that provides a free VPN with guaranteed privacy and security, and has over 6 million users. It has received approximately 59,000 user reviews on the Chrome Web Store, with an average rating of 4.7 stars.
According to Koi Security, Urban VPN Proxy includes dedicated interception scripts for major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI. This collection functionality is enabled by default via a hard-coded flag in the extension, and there is no way for users to disable it.
The interception script hijacks network traffic by injecting the target site's code, extracts conversation data, compresses it, and sends it to an external server. Urban VPN Proxy is an extension designed for VPNs, but the interception script is always active, regardless of whether the VPN function is turned on.
Urban VPN Proxy's AI chat interception has been active since version 5.5.0, released on July 9, 2025. Version 5.5.0 added an 'AI Protection' feature that warns users before accidentally sending personal data, preventing phishing scams, malware, and intrusive ads while browsing. The research team notes that the chat interception feature was also added at the same time, and that turning off the AI Protection feature does not disable chat interception.
According to the research team, the AI chat interception feature is found in four extensions, including Urban VPN Proxy and Urban Ad Blocker, both from the same publisher. The extensions are available for Chrome and Edge, and in total, over 8 million users are affected by the AI chat interception.
The research team points out that Urban Cyber Security Inc., the operator of Urban VPN Proxy, is affiliated with data brokerage firm BiScience, which states in its privacy policy that it 'commercially exploits the shared raw data to generate insights that are shared with business partners,' suggesting that the collected AI chat content may also be used for commercial purposes.
What's particularly problematic about Urban VPN Proxy is that it has earned a 'Featured' badge on Google's Chrome Web Store. The Featured badge 'follows Google's technical best practices and meets high standards for user experience and design,' and 'before receiving the Featured badge, the Chrome Web Store team must review each extension,' meaning that a Google employee has reviewed Urban VPN Proxy and guaranteed it to be a 'safe extension.'
Although Urban VPN Proxy's AI chat interception feature was enabled at the time of writing the research report, it still had a Featured badge indicating Google's endorsement. The research team pointed out that 'Urban VPN Proxy's collection of user data, its transfer to third parties, or its sale is a clear policy violation. The review also revealed that the app also contains code that collects conversations from Google's AI, Gemini, but this code was either not properly verified in the store review process or was verified but not flagged as an issue.'
Related Posts:
