Featured Chrome extension could be copying your AI chats

By Paulo Vargas Published December 23, 2025

A security warning is a nasty surprise, especially when the add-on in question claims it exists to protect your privacy. Researchers at Koi Security say Urban VPN Proxy, a VPN extension for Google Chrome and Microsoft Edge, began logging users’ AI assistant conversations and sending them to a data broker.

Urban VPN Proxy looked reputable, with a 4.7-star rating, Google’s featured badge, and more than six million installs on Chrome. Another 1.3 million people installed it on Edge. But Koi says the extension’s behavior changed after a quiet update on July 9, 2025, when the publisher shipped version 5.5.0.

From that point, Koi alleges, the extension intercepted both what users typed and what the assistant replied across eight platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.

The report says the captured prompts and responses were packaged and sent to Urban Cybersecurity’s parent company, BiScience (B.I Science (2009) Ltd), which Koi describes as a data broker that collects browsing history and device IDs at scale. Koi also says it found the same harvesting code in seven other extensions from the same publisher. If you’re still worried about your privacy, check out the best VPN services out now.

Koi points to Urban VPN Proxy’s setup consent screen, which references processing “ChatAI communication,” plus a privacy policy that describes sharing data for marketing analytics purposes.

Still, the practical reality is harsh. Extensions can auto-update on Chrome and Edge, so people who installed an older version could have been upgraded into chat collection without realizing it. Koi also says the store listing framed the tool as protecting users from entering personal information into AI chatbots, which clashes with the claim that it captured chats whether or not protection features were enabled.

If you used Urban VPN Proxy, assume AI chats since July 9, 2025 may have been exposed. Remove it in Chrome at chrome://extensions or in Edge at edge://extensions, then consider clearing cookies and cached site data. If you shared sensitive details, a password reset is a reasonable precaution.

Google says its featured badge signals best practices and a high standard for user experience and design, but this shows that label isn’t a guarantee. The simplest next step is also the most boring one: audit your extensions, delete anything you don’t trust, and keep the most personal stuff out of chat boxes.