Chrome VPN Extension Intercepts User Queries to AI

Koi Security discovered that Urban VPN Proxy, a Chrome extension with six million users and a "Recommended" badge, secretly collects all user prompts to ChatGPT, Claude, Copilot, and other AI chatbots. The collected data goes to a data broker that sells it to advertisers.

Urban VPN Proxy holds a 4.7-star rating in the Chrome Web Store with over six million downloads. The extension advertises itself as "the safest free VPN to access any site." Its developer, Urban Cyber Security, operates from the United States. The extension also has over 1.3 million installations in the Microsoft Edge add-ons store.

Despite claims that the extension "protects the user's identity and hides their IP address," a July 9, 2025 update to version 5.5.0 introduced data collection from AI chatbots, active by default.

Data Collection Mechanism

The collection system uses specialized JavaScript files that launch when users visit targeted AI sites (ChatGPT, Claude, Gemini, and others). Separate scripts exist for each chatbot: chatgpt.js, claude.js, gemini.js. These scripts replace standard browser APIs for handling network requests—fetch() and XMLHttpRequest()—intercepting all data exchanged between users and AI platforms before requests reach chatbot servers.
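
The API replacement described above can be checked for from the page side. The following is an added example, not code from the extension or from Koi Security's report; the function names and the stand-in demo scopes are assumptions for illustration. It is meant to run in the page's own JavaScript context, for example the DevTools console on the chatbot tab.

```javascript
// Added example (not from the extension or from Koi Security's report).
// Heuristic: built-in functions stringify to "function name() { [native code] }",
// while a JavaScript replacement stringifies to its own source text.
const NATIVE_SOURCE = /^function\s+[\w$]*\s*\(\)\s*\{\s*\[native code\]\s*\}$/;

// Call the original Function.prototype.toString directly so that a toString
// property set on the replacement function itself is not consulted.
const sourceOf = Function.prototype.toString;

function isNative(fn) {
  return typeof fn === 'function' && NATIVE_SOURCE.test(sourceOf.call(fn));
}

// Follow a dotted path such as "XMLHttpRequest.prototype.send" from a root object.
function lookup(root, path) {
  return path.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), root);
}

// The two request APIs the article names, plus the XHR methods that carry the data.
const NETWORK_APIS = [
  'fetch',
  'XMLHttpRequest',
  'XMLHttpRequest.prototype.open',
  'XMLHttpRequest.prototype.send',
];

// Returns the names of network APIs that exist in `scope` but are not native.
function findReplacedNetworkApis(scope = globalThis) {
  return NETWORK_APIS.filter((path) => {
    const fn = lookup(scope, path);
    return fn !== undefined && !isNative(fn);
  });
}

// Constructed demo scopes. Native built-ins stand in for the browser's
// network functions so the example also runs outside a browser.
const cleanScope = { fetch: Math.max, XMLHttpRequest: Map };
const hookedScope = {
  fetch: (...args) => Math.max(...args), // wrapper in place of the native function
  XMLHttpRequest: Map,
};
console.log(findReplacedNetworkApis(cleanScope));  // []
console.log(findReplacedNetworkApis(hookedScope)); // [ 'fetch' ]
```

This is a heuristic: an empty result does not prove the APIs are untouched, and comparing against references taken from a freshly created same-origin iframe gives a stronger check.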

The extension collects user prompts, chatbot responses, session identifiers, timestamps, session metadata, platform data, and AI model information. All collected data is transmitted to two remote servers: analytics.urban-vpn[.]com and stats.urban-vpn[.]com.

Chrome and Edge extensions update automatically by default. Users who installed Urban VPN for VPN functionality suddenly had new code secretly collecting all AI conversation data.

Privacy Policy and Data Broker Connection

Urban VPN's updated privacy policy from June 25, 2025 mentions AI chat data collection. The developers claim they collect information to improve the Safe Browsing function and for marketing analytics, using depersonalized and anonymized data for additional purposes.

However, Urban Cyber Security shares collected data with BIScience—a company that owns Urban Cyber Security. BIScience handles advertising analytics and brand monitoring. BIScience receives raw, non-anonymized data that can be used for commercial purposes and shared with business partners.

In January 2025, an anonymous security researcher exposed BIScience's data collection practices. The company exploits vague privacy policy wording to collect browser history data through SDKs embedded in partner extensions.

"BIScience and its partners exploit loopholes in Chrome Web Store rules, in particular, exceptions to the Limited Use rule," the researcher wrote. "They create functions that allegedly require access to browser history to then cite exceptions, claiming it's needed 'to implement the stated functionality.'"

Fake Protection Feature

Urban VPN advertises an "AI Protection" feature that supposedly checks prompts for personal data, verifies chatbot responses for suspicious links, and warns users before sending prompts or clicking links.

Koi Security found this "protection" works as a smokescreen. Data collection occurs regardless of whether the feature is enabled. The protection function periodically shows warnings about not sharing confidential data with AI companies while the data collection function sends all confidential data to Urban VPN's servers, where it's sold to advertisers. The extension warns about sharing email addresses with ChatGPT while leaking entire conversations to a data broker.

Additional Affected Extensions

Koi Security discovered identical data collection in three more extensions from the same developer, installed by over eight million users total:

  • 1ClickVPN Proxy
  • Urban Browser Guard
  • Urban Ad Blocker

All extensions except Urban Ad Blocker for Edge carry the "Recommended" badge in official stores, signaling compliance with platform best practices and quality standards.

"These badges signal to users that the extensions are verified and meet the platform's quality standards," Koi Security stated. "For many, the 'Recommended' badge determines whether to install an extension or skip it. This is implicit approval from Google and Microsoft."