Security Alert: Popular “Urban VPN Proxy” Extension Exposed for Spying on AI Conversations
Security Alert: Popular “Urban VPN Proxy” Extension Exposed for Spying on AI Conversations
- Why Enterprise RAID Rebuilding Succeeds Where Consumer Arrays Fail?
- Linus Torvalds Rejects MMC Subsystem Updates for Linux 7.0: “Complete Garbage”
- The Man Who Maintained Sudo for 30 Years Now Struggles to Fund the Work That Powers Millions of Servers
- How Close Are Quantum Computers to Breaking RSA-2048?
- Why Windows 10 Users Are Flocking to Zorin OS 18 Instead of Linux Mint?
- How to Prevent Ransomware Infection Risks?
- What is the best alternative to Microsoft Office?
Security Alert: Popular “Urban VPN Proxy” Extension Exposed for Spying on AI Conversations
SILICON VALLEY – Security researchers have issued an urgent warning to millions of Chrome users: Uninstall the Urban VPN Proxy extension immediately.
New investigations have revealed that the popular “free” VPN tool—which boasts a 4.5-star rating on the Chrome Web Store—is secretly harvesting user conversations from leading AI platforms, including ChatGPT, Claude, and Gemini.
Linus Torvalds on Linux Security Modules: We Have Too Many Of Those Pointless Things
The “Free” Cost: Your Private Data
While Urban VPN markets itself as a high-speed, free proxy service, its business model has long been under scrutiny. However, the latest findings from security firm Koi Security indicate a transition from simple data collection to aggressive spying.
According to the report, updates released in late 2025 introduced malicious scripts specifically designed to target 10 major AI chatbots.
Critical Zero-Day Vulnerability CVE-2025-14174 Patched Across Major Browsers
Key Findings of the Investigation
-
Prompt Injection & Extraction: The extension injects scripts into the browser that capture both the user’s “prompts” (questions) and the AI’s responses in real-time.
-
Constant Surveillance: The spying mechanism remains active even when the VPN service is turned off. As long as the extension is enabled in Chrome, it continues to monitor web activity.
-
Monetizing Secrets: The harvested data—which often includes corporate code, personal health queries, and financial planning—is sent to servers linked to data brokerage firms.
-
The P2P Risk: Like many free services, Urban VPN uses a Peer-to-Peer (P2P) architecture. This means your home IP address could be used by total strangers to route their traffic, potentially involving you in illegal activities without your knowledge.
20 Essential Cybersecurity Tools Every Security Professional Should Know
The Developer Connection
Urban VPN is operated by Urban Cyber Security, a firm closely tied to the data analytics company BiScience. Experts argue that the extension functions more as a “data scraper” than a security tool, using the promise of a free VPN as a “Trojan Horse” to bypass browser privacy protections.
“When a product is free, you are the product,” says one cybersecurity analyst. “But in this case, the ‘product’ being sold is your most sensitive intellectual property and private thoughts shared with AI.”
Beware of Poisoned Pirated Movies: DCRat Backdoor Hidden Using Go Compiler
Immediate Action Required
If you have this extension installed, security experts recommend taking the following steps:
-
Remove the Extension: Go to
chrome://extensions/and delete Urban VPN Proxy and any associated tools like “Urban Ad Blocker.” -
Audit Your AI History: Review the information you have shared with AI tools over the past several months. If you shared passwords, API keys, or sensitive documents, consider them compromised and update your security credentials.
-
Switch to Audited Providers: Prioritize VPN services that have a No-Logs policy verified by third-party auditors (e.g., ProtonVPN, Mullvad) rather than free extensions.
