Widely used Google Chrome extension Urban VPN Proxy has allowed clandestine collection of prompts entered into ChatGPT, Microsoft Copilot, Google Gemini, and other AI-powered chatbots following an update in July that had AI data harvesting on by default, according to The Hacker News.Included in the update for Urban VPN Proxy, which has amassed six million downloads and carries the "Featured" badge on the Chrome store, was a tailored executor JavaScript for each of the AI chatbots that dismisses network request-managing browser APIs to obtain and subsequently exfiltrate users' prompts, chatbots' responses, conversation identifiers and timestamps, session metadata, and AI platform details, a report from Koi Security showed. Such data has been shared with BIScience, an ad intelligence and brand monitoring company that owns the extension's developer Urban Cyber Security Inc.Similar AI harvesting capabilities were also observed in other Urban Cyber Security extensions, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, which are used by another two million users.
AI/ML
Expansive AI chat interception facilitated by Chrome extension

(Adobe Stock Images)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



