Malicious VPN Extension Stole ChatGPT and Google Gemini Conversations From Millions

News
Milan Stanojevic
Milan Stanojevic Shield
Windows Toubleshooting Expert
News
Reading time icon 2 min. read

Calendar icon Published on

Urban VPN Proxy stealing data

A malicious VPN service was found stealing full ChatGPT and Google Gemini conversations, raising major concerns about browser extension privacy and AI data security.

A recent investigation revealed that the VPN extension Urban VPN Proxy secretly logged full browser traffic, including private conversations with major AI platforms. The affected services include ChatGPT, Claude, Google Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.

Despite carrying a 4.7-star rating from 58.5K reviews and reaching over six million users, the extension exposed sensitive data from more than eight million users worldwide. Google even featured the extension, which increased user trust and adoption.

How Urban VPN stole ChatGPT and Gemini data

Urban VPN collected data by injecting an executor script directly into the webpages of targeted AI platforms. The script overrode native browser functions, which allowed it to intercept all network traffic between users and AI services.

The extension captured:

  • Every AI prompt and response
  • Conversation IDs and timestamps
  • Session-level metadata

After extraction, the script compressed the data and transmitted it to Urban VPN servers. Data harvesting ran continuously in the background and worked even when the VPN was turned off or user settings were unchanged.

All conversations since July 2025 are compromised

The malicious functionality appeared in Urban VPN version 5.5.0, released on July 9, 2025. Any AI conversations conducted since that date should be treated as compromised.

Urban VPN is affiliated with BiScience, a data broker company. Reports indicate that the harvested data was collected and sold for marketing analytics purposes.

Other extensions affected

Urban VPN was not the only extension involved. Investigators found the same data-harvesting code in:

  • 1ClickVPN Proxy
  • Urban Browser Guard
  • Urban Ad Blocker

Users running any of these extensions should remove them immediately and review their online accounts for potential exposure.

Many users rely on AI chats for private tasks such as writing code, planning projects, or discussing sensitive topics. This incident shows how browser extensions can silently intercept AI conversations without clear consent.

The findings highlight the importance of auditing browser extensions regularly and avoiding VPN tools with unclear data-collection practices.

In other news, ChatGPT can now edit photos and PDF files, so if you removed the malicious extension, go give it a try.

Via Neowin

More about the topics: Cybersecurity, VPN

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages