A popular browser extension called Urban VPN Proxy, available for users of Google’s Chrome browser, has been discovered secretly sniffing out and harvesting confidential AI conversation data of millions of users across sites such as ChatGPT, Claude, Copilot, Gemini, Grok, Meta AI, and Perplexity.
The browser extension, known for providing users with a safe and private manner of accessing any blocked website through a virtual private network, was recently upgraded in July of 2025 and has an added function enabling it to fish out all conversation data between users and AI chat bot systems by injecting specific JavaScript code into these sites.
By overriding browser network APIs, the extension is able to collect prompts, responses, conversation IDs, timestamps, session metadata, and the particular AI model in use. The extension's developer, Urban Cyber Security Inc., which also owns BiScience, a company well-known for gathering and profiting from user browsing data, then sends the collected data to remote servers under their control.
The privacy policy of Urban VPN, which was last updated in June 2025, confesses to collecting AI queries and responses for the purposes of "Safe Browsing" and marketing analysis, asserting that any personal data is anonymized and pooled. However, BiScience shares raw, non-anonymized browsing data with business partners, using it for commercial insights and advertising.
Despite the extension offering an “AI protection” feature that warns users about sharing personal information, the data harvesting occurs regardless of whether this feature is enabled, raising concerns about transparency and user consent.The extension and three other similar ones—1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker—all published by Urban Cyber Security Inc., collectively have over eight million installations.
Notably, these extensions bear the “Featured” badge on Chrome and Edge marketplaces, which is intended to signal high quality and adherence to best practices. This badge may mislead users into trusting the extensions, underlining the risk of data misuse through seemingly legitimate channels.
Koi Security’s research highlights how extension marketplaces’ trust signals can be abused to collect sensitive data at scale, particularly as users increasingly share personal details and emotions with AI chatbots. The researcher calls attention to the vulnerability of user data, even with privacy-focused tools, and underscores the need for vigilance and stricter oversight on data collection practices by browser extensions.
