Trend in Digitals

Featured Chrome extension could be copying your AI chats

By Paulo Vargas
Published December 23, 2025

A security warning is a nasty surprise, especially when the add-on in question claims it exists to protect your privacy. Researchers at Koi Security say Urban VPN Proxy, a VPN extension for Google Chrome and Microsoft Edge, began logging users’ AI assistant conversations and sending them to a data broker.

Urban VPN Proxy looked reputable, with a 4.7-star rating, Google’s featured badge, and more than six million installs on Chrome. Another 1.3 million people installed it on Edge. But Koi says the extension’s behavior changed after a quiet update on July 9, 2025, when the publisher shipped version 5.5.0.

From that point, Koi alleges, the extension intercepted both what users typed and what the assistant replied across eight platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.

The report says the captured prompts and responses were packaged and sent to Urban Cybersecurity’s parent company, BiScience (B.I Science (2009) Ltd), which Koi describes as a data broker that collects browsing history and device IDs at scale. Koi also says it found the same harvesting code in seven other extensions from the same publisher. If you’re still worried about your privacy, check out the best VPN services out now.

Koi points to Urban VPN Proxy’s setup consent screen, which references processing “ChatAI communication,” plus a privacy policy that describes sharing data for marketing analytics purposes.

Still, the practical reality is harsh. Extensions can auto-update on Chrome and Edge, so people who installed an older version could have been upgraded into chat collection without realizing it. Koi also says the store listing framed the tool as protecting users from entering personal information into AI chatbots, which clashes with the claim that it captured chats whether or not protection features were enabled.

If you used Urban VPN Proxy, assume AI chats since July 9, 2025 may have been exposed. Remove it in Chrome at chrome://extensions or in Edge at edge://extensions, then consider clearing cookies and cached site data. If you shared sensitive details, a password reset is a reasonable precaution.

Google says its featured badge signals best practices and a high standard for user experience and design, but this shows that label isn’t a guarantee. The simplest next step is also the most boring one: audit your extensions, delete anything you don’t trust, and keep the most personal stuff out of chat boxes.

Acer reveals Veriton compact PC to tackle the Mac mini with AMD Ryzen and plenty of AI mojo

Acer is making a direct play in that space with the Veriton RA110 AI Mini Workstation, a compact desktop that runs on AMD's Ryzen AI Max+ 395 processor, aimed at the same desk-bound professional who wants power without the tower.

Acer’s Swift Air 14 is a peppy MacBook Neo rival with some cool upgrades and a $699 ask

At a time when even mainstream laptops are creeping toward four-figure price tags, Acer’s latest machine feels refreshingly straightforward. It’s aimed at students, remote workers, and anyone who wants a laptop that looks and feels expensive without draining their bank account. The Swift Air 14 is powered by Intel’s new Core Series 3 processors and delivers up to 19 hours of battery life. That’s the sort of endurance that could realistically get many users through a full workday and beyond without scrambling for a charger.

Google Drive can now batch-scan your documents and spare you a few other frustrations, too

Well, Google Drive's new document scanner redesign fixes all three problems at once. Announced by Sameer Samat, the President of Android Ecosystem at Google, the feature is now rolling out for Android users.