A cybersecurity company claims that a number of web browser extensions are secretly logging and selling users’ conversations with AI chatbots.
KOI, an Israel-based cybersecurity firm focused on developing protections against extension-based attacks, has released a report alleging that Urban VPN Proxy, a popular VPN extension on Google Chrome and Microsoft Edge, has a hidden function to “harvest” user conversations on AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI. The extension was updated with this new capability in July, according to KOI.
The report says that when users with the extension visit any of the above platforms, the extension injects an “executor” script directly into the webpage, so that “every network request and response on that page passes through the extension’s code first.” This means the extension sees every message sent by users and generated by the AI platforms. Once the info has been collected, it’s sent to the extension’s external servers.
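As an added example (not code from KOI's report or from the article), this Node.js check shows how a defender can read an extension's manifest.json to see whether its content scripts or host permissions reach the AI platforms named above. The hostnames for those platforms and both sample manifests are constructed assumptions.

```javascript
// Added example: flag manifest entries that let an extension run on AI chat sites.
// Hostnames are assumptions; the article names the platforms, not their domains.
const AI_CHAT_HOSTS = [
  "chatgpt.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com",
  "www.perplexity.ai", "chat.deepseek.com", "grok.com", "www.meta.ai",
];

// True if a Chrome match pattern covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // API permissions such as "storage" end up here
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) return host === h.slice(2) || host.endsWith(h.slice(1));
  return h === host;
}

// Returns one finding per pattern that reaches at least one AI chat host.
function auditManifest(manifest) {
  const findings = [];
  const check = (source, patterns, extra = {}) => {
    for (const p of patterns || []) {
      const hosts = AI_CHAT_HOSTS.filter((h) => patternCoversHost(p, h));
      if (hosts.length) findings.push({ source, pattern: p, hosts, ...extra });
    }
  };
  (manifest.content_scripts || []).forEach((cs, i) =>
    // world "MAIN" means the script runs in the page's own JavaScript context
    check(`content_scripts[${i}]`, cs.matches, { world: cs.world || "ISOLATED" }));
  check("host_permissions", manifest.host_permissions); // Manifest V3
  check("permissions", manifest.permissions);           // Manifest V2 host patterns
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLE_BROAD = {
  name: "sample-vpn", manifest_version: 3, permissions: ["storage", "proxy", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"], run_at: "document_start" }],
};
const SAMPLE_SCOPED = {
  name: "sample-notes", manifest_version: 3, permissions: ["storage"],
  host_permissions: ["https://notes.example.com/*"],
  content_scripts: [{ matches: ["https://*.example.com/*"], js: ["notes.js"] }],
};
for (const m of [SAMPLE_BROAD, SAMPLE_SCOPED]) console.log(m.name, auditManifest(m).map((x) => `${x.source} ${x.pattern}`));
```

A finding is a prompt to review what the extension does on those pages, since broad patterns are also requested by extensions with legitimate reasons.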
Urban VPN Proxy wasn’t the only extension that KOI identified as containing AI harvesting functionality. The firm identified the following extensions, all of which come from the same organization, as containing the same malicious code:
Google Chrome Extensions:
- Urban VPN Proxy – 6,000,000 users
- 1ClickVPN Proxy – 600,000 users
- Urban Browser Guard – 40,000 users
- Urban Ad Blocker – 10,000 users
Microsoft Edge Extensions:
- Urban VPN Proxy – 1,323,622 users
- 1ClickVPN Proxy – 36,459 users
- Urban Browser Guard – 12,624 users
- Urban Ad Blocker – 6,476 users
In total, according to KOI, over 8 million users have installed these extensions. The company behind these extensions is Urban Cyber Security, which KOI says is affiliated with BiScience, a data broker company.
Ben Sherry