top of page
perceptive_background_267k.jpg

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

Published:

15 december 2025 om 17:46:00

Alert date:

15 december 2025 om 19:02:13

Source:

thehackernews.com

Click to open the original link from this advisory

Web Technologies, Data Breach & Exfiltration

A Google Chrome extension called Urban VPN Proxy with a 'Featured' badge and six million users has been caught silently collecting all user prompts entered into AI-powered chatbots including ChatGPT, Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity. The extension has a 4.7 rating on the Chrome Web Store despite this malicious behavior. This represents a significant privacy breach affecting millions of users who trusted the featured extension.

Technical details

The Urban VPN Proxy extension injects tailored JavaScript executors (chatgpt.js, claude.js, gemini.js) for each AI chatbot platform. These scripts override browser APIs (fetch() and XMLHttpRequest()) to intercept network requests and capture conversation data. The extension was updated on July 9, 2025, with version 5.5.0 implementing AI data harvesting enabled by default. The malicious functionality targets OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and Perplexity platforms.

Mitigation steps:

Uninstall the Urban VPN Proxy extension and other related extensions from the same publisher (1ClickVPN Proxy, Urban Browser Guard, Urban Ad Blocker). Users should review and remove any Chrome or Edge extensions from Urban Cyber Security Inc. Check browser extension permissions and review privacy policies of installed extensions. Consider using alternative VPN solutions from trusted providers.

Affected products:

Urban VPN Proxy Chrome Extension
Urban VPN Proxy Microsoft Edge Extension
1ClickVPN Proxy
Urban Browser Guard
Urban Ad Blocker

Related links:

https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
https://chromewebstore.google.com/detail/Urban%20VPN%20Proxy/eppiocemhmnlbhjplcgkofciiegomcon
https://www.dnb.com/business-directory/company-profiles.urban_cyber_security_inc.ca25c0768d2e7d4586619e12e921bd9d.html
https://microsoftedge.microsoft.com/addons/detail/urban-vpn-proxy/nimlmejbmnecnaghgmbahmbaddhjbecg
https://infosec.exchange/@WPalant/113744609630895910
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
https://secureannex.com/blog/sclpfybn-moneitization-scheme/
https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
https://developer.chrome.com/docs/webstore/program-policies/limited-use/
https://support.google.com/chrome_webstore/answer/1050673
https://www.washingtonpost.com/technology/2025/11/12/how-people-use-chatgpt-data/
https://www.sciencedirect.com/science/article/pii/S2949882125000647
https://news.stanford.edu/stories/2025/10/ai-chatbot-privacy-concerns-risks-research
https://www.kcl.ac.uk/news/ai-chatbots-can-be-exploited-to-extract-more-personal-information

Related CVE's:

Related threat actors:

IOC's:

analytics.urban-vpn[.]com, stats.urban-vpn[.]com, sclpfybn[.]com

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page