Security researchers have issued a new warning about browser extensions that collect and sell user conversations with AI assistants. Cybersecurity firm Koi said it uncovered a group of Google Chrome and Microsoft Edge extensions that harvest AI chats by default and share the data with third parties.
Harvesting AI Conversations
Koi said the affected extensions intercept conversations from multiple AI platforms, not just one service. The firm said users of ChatGPT, Gemini, Claude, Microsoft Copilot, Perplexity, DeepSeek, Grok from xAI, and Meta AI are all exposed if the extensions are installed.
According to Koi, the extensions include built-in executor scripts designed to capture conversations directly from browser tabs. These scripts are hard-coded into the extensions and enabled by default, leaving users with no option to turn off data collection. The only way to stop the activity is to uninstall the extension.
What Data is Collected and Shared
Koi said the extensions collect all AI interactions, including every prompt sent, every response received, conversation identifiers, timestamps, session metadata, and details about the AI platform and model used. The firm said this information is sold to third parties for marketing analytics purposes.
Koi added that the extensions monitor browser activity and inject platform-specific scripts, such as chatgpt.js or gemini.js, whenever a user opens an AI service. Each AI platform has its own dedicated script to capture conversations.
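The behaviour described above can be checked for from the defender's side by auditing an installed extension's manifest and bundled files. The following is an added example, not code from Koi or from the extensions themselves; the AI hostnames, the file-name hints beyond chatgpt.js and gemini.js, and the sample manifest are assumptions constructed for illustration.

```python
import re

# Assumption: public hostnames of the AI services the article names (not listed on the page).
AI_HOSTS = ["chatgpt.com", "gemini.google.com", "claude.ai", "copilot.microsoft.com",
            "www.perplexity.ai", "chat.deepseek.com", "grok.com", "www.meta.ai"]
# The article names chatgpt.js and gemini.js; the other name hints are assumptions.
NAME_HINTS = re.compile(r"chatgpt|gemini|claude|copilot|perplexity|deepseek|grok|meta[-_]?ai", re.I)

def pattern_hosts(pattern):
    """Return the AI hosts that one Chrome match pattern covers."""
    if pattern == "<all_urls>":
        return list(AI_HOSTS)
    m = re.match(r"^(?:\*|https)://([^/]*)/", pattern)
    if not m:
        return []
    host = m.group(1)
    if host == "*":
        return list(AI_HOSTS)
    if host.startswith("*."):  # wildcard covers the base domain and its subdomains
        return [h for h in AI_HOSTS if h == host[2:] or h.endswith(host[1:])]
    return [h for h in AI_HOSTS if h == host]

def audit_extension(manifest, files):
    """manifest: parsed manifest.json; files: relative paths inside the extension."""
    perms = manifest.get("permissions", [])
    # Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
    patterns = manifest.get("host_permissions", []) + [
        p for p in perms if "://" in p or p == "<all_urls>"]
    reachable = sorted({h for p in patterns for h in pattern_hosts(p)})
    declared = []
    for cs in manifest.get("content_scripts", []):
        hits = sorted({h for p in cs.get("matches", []) for h in pattern_hosts(p)})
        if hits:
            declared.append({"js": cs.get("js", []), "hosts": hits})
    return {
        "ai_hosts_reachable": reachable,
        # Programmatic injection: V3 needs "scripting" plus host access, V2 host access only.
        "can_inject": bool(reachable) and ("scripting" in perms or manifest.get("manifest_version") == 2),
        "declared_ai_content_scripts": declared,
        "ai_named_scripts": sorted(f for f in files if f.endswith(".js")
                                   and NAME_HINTS.search(f.rsplit("/", 1)[-1])),
    }

SAMPLE_MANIFEST = {  # constructed sample, not taken from any real extension
    "manifest_version": 3, "permissions": ["scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*.google.com/*"], "js": ["cs/search.js"]}],
}
SAMPLE_FILES = ["background.js", "executors/chatgpt.js", "executors/gemini.js", "cs/search.js"]
```

Pass it the parsed manifest.json and the file listing of each unpacked extension folder in a browser profile; an extension that can inject into AI hosts and also ships AI-named scripts warrants a closer look.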
Prime Suspects
The primary extension identified is Urban VPN Proxy, which has around 6 million users on the Chrome Web Store. Koi said it found the same AI data harvesting code in seven other extensions from the same publisher across both Chrome and Edge.
On Chrome, the affected extensions include Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. On Microsoft Edge, the same extensions appear, with additional user counts that exceed one million installs in some cases.
Store Approval and User Trust Concerns
All but one of the extensions carry Featured badges in their respective stores, which signal that they have been reviewed and meet platform quality standards. Koi said these badges often influence users to install extensions, creating an assumption of trust that may not be warranted.
The extensions are presented as privacy or security tools. However, Koi said their privacy policies confirm that browsing data, including AI inputs and outputs, is shared with an affiliated data broker and used commercially.
Data Stealing Practices Buried in Policies
Koi said disclosures about AI data collection are difficult to find. During setup, the consent prompt states that the extension processes ChatAI communication, visited pages, and security signals to provide protection. Deeper in the privacy policy, the document states that AI prompts and outputs are collected and disclosed for marketing analytics purposes.
Uninstall Warning Issued
Koi said the extensions remained active for months while collecting highly sensitive user data. The firm advised users to uninstall any of the listed extensions immediately and assume that any AI conversations conducted since July 2025 may have been captured and shared with third parties.
