
Widely used Chrome browser extensions have been quietly swiping users’ conversations with AI chatbots and selling the sensitive data to third parties.
Cybersecurity researchers from Koi identified that a Chrome extension with more than six million users, a 4.7-star rating, and a “Featured” badge from Google was actively harvesting users' AI chat conversations.
The extension, called Urban VPN Proxy, markets itself as a free VPN designed to enhance privacy and security.
The extension claims to help shield users from phishing attempts, malware, and intrusive ads. It also offers AI protection, which checks prompts for personal data and scans AI chat responses for suspicious or unsafe links.
However, after analyzing the extension’s code, researchers found that it contains scripts designed to intercept and exfiltrate conversations from at least ten major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
Each platform is targeted by a dedicated script, researchers said, allowing the extension to capture conversations as users interact with AI services.
Koi researchers warned that anyone who used AI platforms after Urban VPN was installed on the device should assume their conversations were captured and transmitted to Urban VPN’s servers. The data was potentially sold to data brokers.
No way to disable data collection
According to Koi, the data collection is enabled by default through hardcoded configuration flags. There is no user-facing option to disable it, meaning users cannot opt out without uninstalling the extension entirely.
The behavior appears to have been introduced in version 5.5.0 of the extension, released on July 9th, 2025. Versions prior to that did not include AI conversation harvesting, the researchers said.
Chrome and Edge extensions update automatically, so users who installed Urban VPN earlier would have received the new functionality silently, without explicit consent or notification.
The same code used in multiple popular extensions
After analyzing Urban VPN Proxy, Koi researchers expanded their investigation.
“We checked whether the same code existed elsewhere. It did. The identical AI harvesting functionality appears in seven other extensions from the same publisher, across both Chrome and Edge,” wrote Koi.
The extensions span multiple product categories such as VPNs, ad blockers, and browser security tools, but all share the same underlying surveillance backend. In total, they affect 8 million users.
Chrome Web Store:
- Urban VPN Proxy - 6,000,000 users
- 1ClickVPN Proxy - 600,000 users
- Urban Browser Guard - 40,000 users
- Urban Ad Blocker - 10,000 users
Microsoft Edge Add-ons:
- Urban VPN Proxy - 1,323,622 users
- 1ClickVPN Proxy - 36,459 users
- Urban Browser Guard - 12,624 users
- Urban Ad Blocker - 6,476 users
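To check a browser profile against the list above and the 5.5.0 cutoff reported for Urban VPN Proxy, a short audit script helps. This is an added example, not code from Koi or the article. It assumes matching on the extension's display name, since the article gives no extension IDs, and the function names and the sample profile are constructed for illustration.

```python
import contextlib, json, re, tempfile
from pathlib import Path
# Names from the article; matching on display name is this example's assumption (no IDs given).
LISTED = {"urban vpn proxy", "1clickvpn proxy", "urban browser guard", "urban ad blocker"}
FIRST_HARVESTING = (5, 5, 0)  # Urban VPN Proxy version named in the article

def display_name(ext_dir, manifest):
    """Resolve manifest 'name', following a __MSG_key__ reference into _locales."""
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:
        msg_file = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        with contextlib.suppress(OSError, ValueError, AttributeError):  # unresolved: keep raw name
            msgs = {k.lower(): v for k, v in json.loads(msg_file.read_text("utf-8")).items()}
            name = msgs.get(m.group(1).lower(), {}).get("message", name)
    return name.strip()

def audit(extensions_root):
    """Return listed extensions found under <root>/<id>/<version dir>/manifest.json."""
    findings = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text("utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip rather than abort the scan
        name = display_name(path.parent, manifest)
        if name.lower() not in LISTED:
            continue
        version = manifest.get("version", "")
        parts = tuple(int(p) for p in version.split(".") if p.isdigit())
        parts += (0,) * (3 - len(parts))  # pad "5.5" to (5, 5, 0)
        # The article gives a starting version only for Urban VPN Proxy.
        flag = parts >= FIRST_HARVESTING if name.lower() == "urban vpn proxy" else None
        findings.append({"id": path.parents[1].name, "name": name, "version": version, "since_5_5_0": flag})
    return findings

def build_sample(root):
    """Constructed profile (made-up IDs and versions) so the example runs offline."""
    for ext_id, ver, name in [("aaaa", "5.4.9", "Urban VPN Proxy"),
                              ("bbbb", "5.6.1", "__MSG_appName__"), ("cccc", "1.0", "Other Tool")]:
        loc = Path(root) / ext_id / f"{ver}_0" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps({"appname": {"message": "Urban VPN Proxy"}}))
        (loc.parents[1] / "manifest.json").write_text(
            json.dumps({"name": name, "version": ver, "default_locale": "en"}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

Point `audit()` at a profile's `Extensions` directory, for example `~/.config/google-chrome/Default/Extensions` on Linux. A name match misses a listed extension that shows a localized or changed display name.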
What makes the discovery especially troubling is that most of the extensions also carry “Featured” badges from Google or Microsoft, showing that the software has passed platform review and meets quality standards.
“This means a human at Google reviewed Urban VPN Proxy and concluded it met their standards. Either the review didn't examine the code that harvests conversations from Google's own AI product Gemini, or it did and didn't consider this a problem,” the researchers explain.
Data broker using web extensions to harvest data
Urban VPN is operated by Urban Cyber Security Inc., which is affiliated with BiScience, a data broker known for large-scale user tracking.
Researchers have previously shown that BiScience operates a large-scale data collection pipeline, gathering clickstream data from millions of users. The company also provides software development kits (SDKs) to third-party browser extension developers, allowing them to quietly funnel user data into the same ecosystem.
That information is then packaged, analyzed, and monetized through commercial products such as AdClarity and Clickstream OS, which are sold to business partners and advertisers.