Security researchers have disclosed findings showing that a widely used browser extension carrying a Featured badge on major extension marketplaces has been silently collecting sensitive user data from popular AI powered chat platforms. The extension, Urban VPN Proxy, which reports more than six million users on Google Chrome and an additional 1.3 million installs on Microsoft Edge, was observed harvesting every prompt and response entered into leading AI chat services without clear user awareness.
Urban VPN Proxy is promoted as a free VPN service that claims to protect user identity, hide IP addresses, and provide secure browsing access. Developed by Delaware based Urban Cyber Security Inc., the extension holds a 4.7 rating on the Chrome Web Store, a level of trust often associated with platform endorsed quality. Researchers found that a software update released on July 9, 2025, under version 5.5.0, introduced AI conversation collection capabilities that were enabled by default through hard coded settings. According to Koi Security, the update deployed tailored JavaScript executors that activate when users visit AI platforms such as OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. These scripts intercept interactions by overriding browser network request handling functions, ensuring that every prompt and response is routed through the extension before reaching the AI service.
Once injected, the scripts capture detailed conversation data, including user prompts, chatbot replies, session identifiers, timestamps, platform names, and model information. This data is then transmitted to remote servers controlled by the extension operator at analytics.urban vpn.com and stats.urban vpn.com. Koi Security researcher Idan Dardikman noted that because Chrome and Edge extensions update automatically by default, users who originally installed Urban VPN for VPN functionality were later subjected to silent AI data collection without explicit consent. The scope of captured information extends beyond basic usage metrics, encompassing conversational content that may include sensitive personal, professional, or financial details shared with AI tools.
Urban VPN updated its privacy policy on June 25, 2025, stating that AI prompts and outputs are collected as part of browsing data to enhance safe browsing features and for marketing analytics. The policy acknowledges that sensitive personal information may be processed and claims that measures are implemented to de identify and aggregate data. However, the policy also states that complete removal of sensitive content cannot be fully guaranteed. The company further disclosed that browsing data is shared with third parties, including an affiliated ad intelligence and brand monitoring firm named BIScience. According to Urban VPN documentation, BIScience uses raw, non anonymized data to generate insights that are commercially shared with business partners. BIScience also owns Urban Cyber Security Inc., and has previously faced scrutiny from independent researchers over alleged collection of clickstream browsing data through extension software development kits distributed to third party developers.
Researchers also raised concerns about how the extension markets an AI protection feature that claims to scan prompts for personal data and warn users before submitting sensitive information. Despite this framing, the underlying data harvesting reportedly occurs regardless of whether the feature is enabled. Dardikman highlighted that while the extension warns users about sharing personal details with AI companies, it simultaneously exfiltrates the entire conversation to its own servers where it may be monetized. Koi Security identified similar AI harvesting behavior in three additional extensions from the same publisher, namely 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, bringing the total installation count across platforms to more than eight million users. Most of these extensions also carry Featured badges, which signal compliance with marketplace standards and significantly influence user trust.
The findings illustrate how extension marketplace trust mechanisms can be exploited to collect highly sensitive data at scale, particularly as AI chat platforms become spaces where users share personal concerns, seek advice, and discuss private matters. Requests for comment were sent to Google and Microsoft regarding the findings, with responses pending at the time of reporting.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
