A popular Chrome browser extension promoted in the Chrome Web Store’s “Featured” section was quietly intercepting and recording millions of users’ AI chatbot conversations, according to multiple security investigations. Researchers tied the activity to the widely used Urban VPN proxy service and a Chrome extension installed by more than 6 million users, revealing that the tool harvested prompts and responses from major AI platforms and funneled them to remote servers. The findings raise urgent questions about Google’s vetting of featured Chrome extensions and the privacy risks facing everyday users who rely on browser add‑ons for security and productivity.
How a ‘Featured’ Chrome Extension Turned into a Data Harvester
Security analysts found that a Chrome extension highlighted as a “Featured” add‑on in the Chrome Web Store was intercepting users’ AI chatbot conversations while presenting itself as a benign privacy tool. The extension, identified as part of the Urban VPN ecosystem, appeared in the store with polished branding and a prominent featured badge that typically signals Google’s endorsement of quality and safety. Behind that trusted placement, investigators later documented that the extension injected code into pages hosting AI tools, capturing the text users typed into chat interfaces and the responses they received.
The browser add‑on was directly linked to the “Featured” Urban VPN caught stealing private AI chats case, in which researchers concluded that the Urban VPN browser extension functioned as a free VPN and proxy service while siphoning off private AI conversations. Its listing and marketing language emphasized anonymity, secure browsing, and access to blocked content, encouraging users to treat it as a protective layer over their online activity. In practice, the same extension that promised privacy quietly captured sensitive prompts and responses in the background, turning a featured security tool into a large‑scale data harvester and exposing how easily trust in official store curation can be misused.
Scale of the Breach: Millions of Users and AI Chats Exposed
The scope of the exposure became clear when investigators tied the data collection to a Chrome extension with “6M+ users” found collecting AI chatbot inputs, a figure that underscores how many people may have had their conversations recorded. Installation counts in the Chrome Web Store showed that millions of users had added the extension to their browsers, often as a one‑click step while searching for a free VPN or proxy. Each of those installations represented a potential feed of AI prompts, follow‑up questions, and model responses flowing out of the browser and into infrastructure controlled by the extension’s operators.
Separate research into browser extensions quietly collecting millions of AI chatbot conversations documented how tools tied to Urban VPN and related proxy services systematically harvested interactions with online AI platforms. Analysts observed that the extensions did not limit themselves to occasional metadata, instead capturing full conversational threads that could include personal details, business plans, proprietary code, or confidential documents pasted into chat windows. The fact that six million users trusted this extension without understanding its recording behavior illustrates a widening gap between user expectations of privacy and the opaque data practices embedded in many browser add‑ons.
What Researchers Uncovered About AI Chat Interception
When security researchers began reverse‑engineering the Urban VPN browser extension, they discovered code paths specifically designed to intercept and exfiltrate private AI chat content from within the browser. The analysis of the Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs showed that the extension hooked into webRequest and scripting capabilities to monitor traffic to popular AI services, then extracted the text of user prompts and the corresponding responses. Rather than limiting its activity to VPN‑related routing, the extension used its broad permissions to read and manipulate page content, turning every AI chat session into a potential data source.
Further technical work aligned with findings that browser extensions quietly collecting millions of AI chatbot conversations were forwarding harvested data to remote servers controlled by the extension operators. Packet captures and code inspection indicated that the captured AI chatbot inputs and full conversations were serialized and transmitted in the background, often without any visible indication in the browser interface. For users, the interception was effectively invisible, yet for the operators, it created a rich stream of conversational data that could be mined for behavioral profiling, advertising, or other forms of monetization, raising serious concerns about how AI‑generated and user‑supplied content can be repurposed once it leaves the browser.
User Trust, Data Recording, and Hidden Risks
The human impact of the incident is captured in the framing that “Six Million Users Trusted This Extension Without Knowing What It Records”, a description that reflects how people installed the tool believing it would protect their privacy while it silently logged their activity. Many users turned to Urban VPN and similar extensions to shield their IP addresses, bypass regional blocks, or add a layer of security when accessing services like ChatGPT, Gemini, or Claude. Instead of acting as a privacy buffer, the extension effectively sat between the user and the AI service as an uninvited observer, recording the very content people assumed was being kept safer by a VPN.
Investigations into Urban VPN and related proxy extensions found that these tools marketed themselves as free VPN or security products, a positioning that masked the extent of their data recording and AI chat harvesting. The featured Chrome listing, polished branding, and promises of secure browsing created a powerful trust signal that few non‑technical users were equipped to question. That combination of reassuring marketing and hidden surveillance illustrates a broader risk in the browser ecosystem, where extensions with access to every keystroke on a page can quietly assemble detailed dossiers of user behavior without any explicit, informed consent.
Implications for Google, AI Users, and Browser Security
The exposure of a Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats has intensified scrutiny of Google’s extension review process and the safety of its “Featured” endorsements. Featuring an extension in the Chrome Web Store signals that it has passed additional checks and is recommended for users, yet the Urban VPN case shows that such badges can coexist with highly invasive tracking behavior. For Google, the incident raises questions about how deeply code is audited for data exfiltration patterns, how often featured extensions are re‑evaluated, and whether automated or manual reviews are sufficient to detect sophisticated harvesting techniques that activate only under certain conditions.
The findings that Urban VPN was caught stealing private AI chats also feed into broader concerns that free VPN and proxy extensions may monetize users’ AI conversations without clear consent or transparency. As browser‑based AI tools become embedded in daily workflows, from drafting legal memos to debugging production code, the content of those chats becomes far more sensitive than casual web browsing history. The discovery of a Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs signals a systemic risk for anyone relying on extensions that can access web content, prompting security researchers to call for stricter oversight, more granular permission controls, and clearer disclosures whenever an add‑on can read or transmit the text of AI conversations.
