Malicious updates covertly override network APIs to capture sensitive data from AI chats across 10 platforms.

A popular Chrome browser Virtual Private Network extension, Urban VPN Proxy, has been secretly capturing and monetizing users’ conversations with major AI chatbots, exposing sensitive data from millions of people despite being marketed as a privacy tool.

According to reports, the extension, as well as several related add‑ons from the same publisher, had been quietly updated with data‑stealing code that targeted chats on services including ChatGPT, Gemini, Perplexity, Claude, Copilot, and others.​

The browser extension, which has been downloaded more than six million times and even designated with a “Featured” badge in the Chrome Web Store, is said to have pushed a malicious update (around version 5.5.0 in mid‑2025) that injected custom JavaScript into AI chatbot pages.

Actual mode of data exfiltration

The injected scripts would override core browser network application programming interfaces such as fetch() and XMLHttpRequest, letting the extension intercept prompts, responses, conversation IDs, timestamps, and session metadata before encryption and page rendering.​ Then:

  • Captured data was compressed and sent to remote analytics endpoints controlled by the extension operator
  • The logging continued even when the VPN was toggled off, meaning users had no visible indication their AI conversations were being exfiltrated.
  • Nearly identical code is found in at least seven sibling extensions from the publisher, including 1ClickVPN Proxy, Urban Browser Guard and Urban Ad Blocker, raising the total exposed user base to more than eight million across Chrome and Edge.​
  • The spying covered at least 10 major AI platforms, including previously mentioned chatbots, as well as DeepSeek, Grok (xAI) and Meta AI, turning everyday chatbot use into a rich source of behavioral and sensitive intelligence.
  • The stealth code created acute privacy risks and serious enterprise data‑loss exposure because users often paste proprietary code, business plans, medical queries, financial details and even session tokens into AI chats

Research from ExtensionTotal, Malwarebytes and others has tracked dozens of Chrome extensions updated with info‑stealing or data‑exfiltrating payloads and affecting several million additional users.

This genre of cyber threat illustrates the urgent need to treat browser extensions as powerful software capable of full session exfiltration rather than minor convenience add‑ons.​ Organizations should exert strict policy controls over which extensions staff may install, monitoring for risky add‑ons, and incident response steps such as revoking tokens and rotating credentials if affected extensions were present on corporate machines, according to cyber experts.