Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs

A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms, including ChatGPT, Claude, Gemini, and Microsoft Copilot, raising fresh concerns over privacy and data exploitation in the age of generative AI.

Researchers using the Wings agentic‑AI risk engine uncovered that Urban VPN Proxy, a Chrome extension with over six million installs and a 4.7‑star rating, contains hidden code designed to intercept, capture, and exfiltrate AI chat traffic.

The extension has been featured by Google and carries the Chrome Web Store’s “Featured” badge, implying a level of trust and compliance that most users never questioned.

According to the analysis, version 5.5.0, released on July 9, 2025, introduced new background processes enabling the collection of AI prompts, responses, and session metadata. These scripts operate even when the VPN function is disabled.

For every supported AI platform, the extension deploys dedicated “executor” scripts such as chatgpt.js and claude.js that inject into webpages, override browser network functions, and intercept all request and response data in real time.

Captured data includes full conversations, conversation IDs, timestamps, and information about which AI model was used.

Near the top of the list: Urban VPN Proxy. A Chrome extension with over 6 million users. A 4.7-star rating from 58,000 reviews.

Urban VPN proxy.

This information is then compressed and transmitted to remote servers controlled by Urban VPN, including domains like analytics.urban-vpn.com and stats.urban-vpn.com.

Privacy Promise to Surveillance Network

Urban VPN advertises “AI protection” as a core feature, claiming to safeguard users by scanning prompts for sensitive data or dangerous links.

The script overrides fetch() and XMLHttpRequest – the fundamental browser APIs that handle all network requests. This is an aggressive technique.

Overriding native browser functions.
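The override of fetch() and XMLHttpRequest described above can be checked for from the page side. The following is an added example, not code from the extension or from the researchers' report; the function names (`looksNative`, `findReplaced`, `networkApiEntries`) are hypothetical, and it assumes the check runs before any other script has had a chance to replace `Function.prototype.toString`.

```javascript
// Added example: flag network APIs that no longer look like browser built-ins.
// Saved up front so a later script cannot swap toString itself (assumption: runs first).
const nativeToString = Function.prototype.toString;

// True when fn prints as the built-in of that exact name, e.g.
// "function fetch() { [native code] }". JavaScript wrappers print their own
// source; bound functions and Proxies print without a name, so they fail too.
function looksNative(fn, name) {
  if (typeof fn !== 'function') return false;
  const pattern = new RegExp(
    '^function\\s+' + name + '\\s*\\(\\)\\s*\\{\\s*\\[native code\\]\\s*\\}$');
  try {
    return pattern.test(nativeToString.call(fn).trim());
  } catch (e) {
    return false; // toString threw: treat as tampered
  }
}

// Generic core: entries are {label, fn, name}; returns labels that are not native.
// APIs that are absent from the environment are skipped rather than flagged.
function findReplaced(entries) {
  return entries
    .filter((e) => e.fn !== undefined && !looksNative(e.fn, e.name))
    .map((e) => e.label);
}

// The two APIs the article names, looked up on a browser-like global object.
function networkApiEntries(root) {
  const xhr = root.XMLHttpRequest && root.XMLHttpRequest.prototype;
  return [
    { label: 'fetch', fn: root.fetch, name: 'fetch' },
    { label: 'XMLHttpRequest.prototype.open', fn: xhr && xhr.open, name: 'open' },
    { label: 'XMLHttpRequest.prototype.send', fn: xhr && xhr.send, name: 'send' },
  ];
}

// In a page: report anything that no longer looks like the browser built-in.
if (typeof window !== 'undefined') {
  const replaced = findReplaced(networkApiEntries(window));
  if (replaced.length) console.warn('Non-native network APIs:', replaced);
}
```

A clean result is not proof of absence, because a script injected before this check can also replace `Function.prototype.toString`; a non-empty result only means some script has wrapped the API, which legitimate monitoring libraries also do.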

However, examination of the code revealed that these notifications are independent of the harvesting system. The AI protection toggle does not prevent data collection, making the feature essentially deceptive.

More troublingly, the same harvesting code is present across seven other Chrome and Edge extensions from the same developer, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, altogether affecting an estimated 8 million users.

All but one carry the “Featured” or “Trusted” designation on either Chrome or Edge stores.

Urban VPN is operated by Urban Cyber Security Inc., a company affiliated with BiScience Ltd., an Israeli data broker known for collecting browsing data through extensions and software development kits (SDKs).

BiScience markets this behavioral data through commercial analytics products such as AdClarity and Clickstream OS.

Its privacy policy explicitly acknowledges collecting “AI prompts and outputs” and sharing them for “marketing analytics purposes,” contradicting the Chrome Web Store listing that claims “no sale of data to third parties.”

Responsibility and Oversight

The discovery calls into question Google’s extension review process, since Urban VPN continues to hold its Featured status despite violating Chrome’s Limited Use policy, which prohibits sharing user data with data brokers.

Koidex report for Urban VPN Proxy.

Experts warn that users who interacted with AI chatbots while using Urban VPN or related extensions after July 2025 should assume their private conversations, including medical, financial, or personal information, have been collected and potentially sold to third parties.

As of publication, the extension remains publicly available on both Chrome and Edge stores.

Security researchers found no user‑facing option to turn off the feature. The only way to stop the data exfiltration is complete removal of the extension.
