In a major privacy breach, a widely used Google Chrome extension, installed by over six million users, has been exposed for secretly harvesting sensitive conversations from popular AI chatbots like ChatGPT, Google Gemini, and Microsoft Copilot. The extension, which boasted a high rating and Google's own "Featured" badge, was masquerading as a free privacy tool while intercepting user data.
How the Malicious Extension Operated
Security researchers from the firm Koi uncovered the scheme. The extension in question, named Urban VPN Proxy, was advertised as a free VPN service for enhanced online security and privacy. However, starting with version 5.5.0, released in July 2025, the software began a covert data collection campaign.
The extension targeted user interactions across 10 major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok from xAI, and Meta AI. For each platform, the malware used a dedicated script designed to inject itself into the chat interface. This allowed it to read both user prompts and the AI's responses in real time.
The harvested data, which included the full text of prompts and responses, timestamps, and session metadata, was then sent back to servers controlled by Urban VPN. Researchers confirmed that the only definitive way to stop this data collection was to completely uninstall the extension.
A Wider Network of Malicious Software
Further investigation revealed that Urban VPN Proxy was not an isolated case. The same developer was behind at least seven other malicious Chrome extensions that contained similar code. This network included other tools like 1ClickVPNProxy, Urban Browser Guard, and Urban Ad Blocker, potentially amplifying the scale of the data theft.
A critical factor in the breach's success was the default auto-update feature for Chrome extensions. Most users who had installed the original, seemingly legitimate VPN tool were unaware that an update had turned it into spyware. Their private conversations with AI assistants were captured and exfiltrated without their knowledge or consent.
The Business Behind the Data Theft
The extension is owned by Urban Cyber Security Inc., a company linked to the data brokerage firm BiScience. Reports indicate that the vast amounts of conversational data stolen from millions of users are not just being stored but are actively being sold to marketing and analytics companies. This turns private queries, creative ideas, and potentially sensitive questions into a commodity for profit.
This incident highlights a significant vulnerability in the browser ecosystem. Despite Google's vetting process, a malicious extension with a "Featured" badge and millions of users operated undetected for months. It serves as a stark reminder for users to be extremely cautious about the extensions they install, even those with high ratings and official badges, and to regularly audit their browser's add-ons.
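One way to carry out the add-on audit recommended above is to check which installed extensions are able to run code on AI chat sites at all. The following is an added example, not code from the researchers or from the extension: it reads each extension's manifest.json and reports which AI platforms its content scripts or host permissions cover. The hostname list is an assumption (the article names the platforms, not their domains), and the function names are hypothetical.

```python
import json
from pathlib import Path

# Assumed hostnames for platforms the article names (constructed list, not from the page).
AI_HOSTS = {
    "ChatGPT": "chatgpt.com", "Claude": "claude.ai",
    "Gemini": "gemini.google.com", "Microsoft Copilot": "copilot.microsoft.com",
    "Perplexity": "www.perplexity.ai", "DeepSeek": "chat.deepseek.com",
    "Grok": "grok.com", "Meta AI": "www.meta.ai",
}

def pattern_covers(pattern, host):
    """True if a Chrome match pattern's host part covers `host`."""
    if not isinstance(pattern, str):
        return False
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # API permissions such as "tabs" or non-web schemes
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def ai_access(manifest):
    """Map each reachable AI platform to the manifest keys that grant access."""
    sources = {
        "host_permissions": manifest.get("host_permissions", []),
        "permissions": manifest.get("permissions", []),  # Manifest V2 lists hosts here
        "content_scripts": [m for cs in manifest.get("content_scripts", [])
                            for m in cs.get("matches", [])],
    }
    hits = {}
    for name, host in AI_HOSTS.items():
        keys = sorted(k for k, pats in sources.items()
                      if any(pattern_covers(p, host) for p in pats))
        if keys:
            hits[name] = keys
    return hits

def audit_profile(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json under a Chrome profile."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        hits = ai_access(json.loads(path.read_text(encoding="utf-8-sig")))
        if hits:
            report[f"{path.parts[-3]}@{path.parts[-2]}"] = hits
    return report
```

A hit means the extension is able to read those pages, not that it does; VPN and ad-blocking extensions commonly request broad host access, so the output is a shortlist for review. Because of auto-update, rerun the check after extensions update and compare the results.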