AI/ML

Expansive AI chat interception facilitated by Chrome extension

Google Chrome icon on a computer screen

Widely used Google Chrome extension Urban VPN Proxy has allowed clandestine collection of prompts entered into ChatGPT, Microsoft Copilot, Google Gemini, and other AI-powered chatbots following an update in July that had AI data harvesting on by default, according to The Hacker News.

Included in the update for Urban VPN Proxy, which has amassed six million downloads and carries the "Featured" badge on the Chrome store, was a tailored executor JavaScript for each of the AI chatbots that dismisses network request-managing browser APIs to obtain and subsequently exfiltrate users' prompts, chatbots' responses, conversation identifiers and timestamps, session metadata, and AI platform details, a report from Koi Security showed. Such data has been shared with BIScience, an ad intelligence and brand monitoring company that owns the extension's developer Urban Cyber Security Inc.

Similar AI harvesting capabilities were also observed in other Urban Cyber Security extensions, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, which are used by another two million users.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds