What's Happening?
A Google Chrome extension, Urban VPN Proxy, which boasts a 'Featured' badge and has over six million users, has been found to intercept and collect data from AI-powered chatbots. This extension, developed
by Urban Cyber Security Inc., was updated in July 2025 to include a feature that captures every prompt entered into chatbots like OpenAI ChatGPT and Microsoft Copilot. The data collected includes user prompts, chatbot responses, and session metadata, which are then sent to remote servers controlled by the company. Despite its claims of protecting user privacy, the extension's updated privacy policy indicates that the data is used for marketing analytics and shared with third-party firms like BIScience. This revelation has raised significant privacy concerns, especially since the extension is also available on the Microsoft Edge Add-ons marketplace with over 1.3 million installations.
Why It's Important?
The discovery of Urban VPN Proxy's data interception practices highlights significant privacy risks associated with browser extensions. With millions of users potentially affected, the incident underscores the vulnerability of personal data shared with AI chatbots. The extension's 'Featured' badge on platforms like Google Chrome and Microsoft Edge suggests a level of trust and quality, which may mislead users into believing their data is secure. This situation raises questions about the adequacy of current privacy policies and the need for stricter regulations to protect user data. The involvement of third-party firms in data collection further complicates the issue, as it suggests a broader network of data sharing that users may not be aware of.
What's Next?
In response to these findings, there may be increased scrutiny on browser extensions and their data collection practices. Users might demand more transparency and stricter privacy controls from extension developers. Regulatory bodies could also step in to enforce more stringent guidelines to protect user data. Google and Microsoft, as platform providers, may face pressure to review their vetting processes for extensions, especially those with 'Featured' badges. This incident could lead to a broader discussion on digital privacy and the responsibilities of tech companies in safeguarding user information.
