A widely used Google Chrome extension with a “Featured” badge and over six million installations has been discovered secretly harvesting AI chat data from users of major chatbot platforms such as ChatGPT, Claude, Gemini, Copilot, Grok, and Perplexity, rerouting every prompt and response through hidden code to remote servers under the guise of a VPN service; the extension, Urban VPN Proxy, updated in mid-2025 to embed this data capture functionality by default, sniffing conversation text, timestamps, and session metadata and funneling it to external analytics domains despite claiming the practice was limited to anonymized marketing use, raising sharp concerns about how trusted labels and auto-update mechanisms enable persistent and opaque data collection at scale, and underscoring broader risks tied to browser extension permissions and marketplace oversight.
Source: Hacker News
Key Takeaways
• A “Featured” Chrome extension trusted by millions was covertly modified to intercept and exfiltrate AI chatbot data without clear user consent.
• Browser extensions can gain deep access to web activity and auto-update mechanisms make silent deployment of harmful code easier.
• Security professionals warn that both individual users and enterprise environments must reevaluate extension governance and treat these tools as part of the broader attack surface.
In-Depth
In a troubling development that underscores the growing cybersecurity gaps in widely trusted platforms, a Google Chrome browser extension that millions of users assume to be secure has been revealed to be quietly collecting AI chat conversations. Urban VPN Proxy, a free VPN touted for privacy and protection, was granted a “Featured” badge in the Chrome Web Store—a designation many users interpret as a de facto endorsement of quality and safety. However, an update pushed in July 2025 added stealthy code that hijacks every prompt and response entered into major AI chatbot services and funnels them to remote servers controlled by third parties. This wasn’t a blatant hack from outside the browser ecosystem; it was an update users accepted through Chrome’s automatic update mechanism, completely under the radar.
From a conservative perspective emphasizing personal responsibility and market accountability, this incident highlights the danger of unchecked reliance on centralized platforms and internal vetting badges. Users are right to expect that featured products meet objective standards, but marketplaces like Chrome’s Web Store are fundamentally unable to police every extension’s future behavior once installed. Permissive permission requests and broad API access give extensions deep hooks into sensitive user activity; in this case, that meant access to people’s thoughts, work product, and search behavior on AI platforms—a vastly underappreciated data set.
Security experts also warn that extensions are no longer peripheral add-ons; they are potential entry points for data exfiltration and supply-chain attacks. Because Chrome and other browsers push updates automatically, once a developer account is compromised or an update with malicious intent is published, millions of users install it passively. Businesses that allow employees to install extensions without oversight are exposing corporate networks and cloud credentials to similar risks. The broader pattern seen in recent months, including supply-chain campaigns turning trusted tools into spyware, suggests this is not an isolated flaw but a systemic vulnerability in the extension ecosystem.
Practical steps for users and organizations include auditing installed extensions, limiting extension permissions aggressively, and enforcing allow lists rather than broad install freedom. The Urban VPN Proxy case should serve as a wake-up call: trust badges aren’t guarantees, and personal or corporate data security requires active, informed management of even seemingly benign browser add-ons.