If you’re currently using Google Chrome browser extensions to “improve” your AI chatbot experience, particularly if it’s a free VPN or proxy, it’s likely that your private conversations are being monitored and shared with third parties. Researchers found popular browser extensions, installed by tens of millions of users, have secretly been harvesting users’ AI chat logs, including those used on ChatGPT, Claude, Gemini, Copilot, and other AI chatbot platforms. The truth is, it’s happening now, and the only way to keep it from happening is to get the extension uninstalled.

Common VPN Browser Extensions are Listening to the Conversation between the User and the

One of the most popular extensions for Chrome, named Urban VPN Proxy, which had more than six million downloads from the Chrome Web Store, was actually capturing all the queries and responses exchanged between users and prominent AI platforms. User data was being harvested by custom scripts developed within the extension, which would then transmit this data to servers operated by the developer of the extension’s affiliated data brokerage service after some changes were introduced through updates mid-2025.

Several Extensions Associated with the Same Malicious Harvesting Code

Urban VPN Proxy is not alone, however. Several other extensions were found, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, which were recording conversations about AI and sending them on. Altogether, the extensions on the Google Chrome Web Store and the Microsoft Edge Add-ons have been installed on more than eight million users’ browsers.

Logs Obtained Through AI Crops Shared for a Fee with Data Brokers

While the terms of the extensions’ privacy practices do technically divulge the collection of the information, the manner in which the information was presented was opaque and couched in terms of the legalese that most users never bother reading. The AI conversations that were being harvested appear to be shared with a “related analytics company” for “marketing purposes,” which is a gloss on the sensitivity of the information, which can include such things as personal questions, employment information, and even trade secrets shared with AI assistants.

Google’s Featured Badge Did Not Protect Users in This Situation

However, what is particularly alarming is that Urban VPN Proxy and other extensions had ‘Featured’ badges in Chrome. It is significant to note that these badges are used to signify quality or trust. What it means is that even extensions approved through Google approval processes might contain malicious behavior in them, especially where new ‘harvesting scripts’ are introduced through updates following approval.

This intercepts the traffic from the browser to spy on the user. This script

These malicious scripts in these extensions achieve this by hijacking basic functionalities in browsers such as fetch() and XMLHttpRequest that are responsible for data exchange between the browsers and chatbot sites. These malicious extensions are able to inject their scripts into AI sites, thereby gathering all information before pages are loaded, making it completely unnoticeable.

The Register

• Change The Chat History Settings
• Disable Chat History
• Keeping your privacy intact in the future:
• Remove any VPN, or proxy-type extensions you do not trust entirely.

Please examine the list of extensions in Chrome and fix those which do not limit access to web traffic or site data. Utilize reliable security software for scanning malicious extensions. Refrain from adding browser extensions that require access to all websites, particularly when they fail to provide a logical explanation for the need for such access. Yahoo Tech **Regular Audits: Staying Ahead of Future Risks of Exposure This incident serves as a reminder that even if an extension has millions of users and claims to be focused on providing privacy, it may not honor that privacy. Browsers are incredibly powerful, and extensions have complete access to your data. It is necessary to audit your tools and get rid of any that are no longer needed. Yahoo Tech
Looking In summary, if you are using these extensions for use with AI chat services, remove them. Your AI communications, which could encompass personal or business data, shouldn’t wind up in someone else’s analytics database.

Read Also: From Firefox Malware to Stolen Pornhub Data: This Week’s Security News Is Not Sexy

News Source: Pcmag.com