Warning: A “Free VPN” Chrome Extension May Have Been Collecting Your AI Chats

Have you ever shared something personal with an AI chatbot like ChatGPT or Claude — a health concern, a work problem, or a private thought? If yes, this news matters. Recent security research has raised concerns about a popular free VPN browser Google Chrome extension that was reportedly capable of collecting and transmitting AI chatbot conversations without clear user consent.

This guide cuts through the hype to highlight real differences in speed, security, streaming access, and price between ExpressVPN and NordVPN. By the end, you’ll know which VPN best suits your needs and why.

The extension referenced in multiple security reports is Urban VPN Proxy — a widely installed “free VPN” browser add-on used by millions worldwide.

A serious privacy warning for AI chatbot users

This is not an issue with ChatGPT, Claude, Gemini, or other AI platforms themselves. Instead, it highlights a growing risk posed by third-party browser extensions, especially those that promise privacy while operating deeply inside your browser.

What researchers discovered

According to findings published by Koi Security and later reported by Malwarebytes, a Chrome extension marketed as a free VPN contained scripts that could monitor and extract content from web pages — including conversations with AI chatbots.

Security researchers found that:

• The extension included background scripts capable of reading webpage content

• AI chat sessions from platforms such as:

  • ChatGPT (OpenAI)

  • Claude (Anthropic)

  • Gemini (Google)

  • Grok (xAI)

  • DeepSeek
    could be accessed at the browser level

• The collected data was allegedly transmitted to remote servers for analysis purposes

ExpressVPN vs NordVPN: 2025 Speed, Security & Features Faceoff

Malwarebytes’ investigation emphasized that users installed the extension for privacy, yet its behavior appeared to contradict that expectation.

Importantly, there is no evidence that the AI platforms themselves were breached. The risk exists at the browser extension layer, which operates with elevated permissions.

Source: Malwarebytes security blog (December 2025)

Why this is especially dangerous

1. AI chats often contain sensitive data

Unlike search engines, people talk to AI chatbots as if they are private diaries. Conversations may include:

• Medical concerns

• Financial questions

• Relationship issues

• Business strategies

• Personal confessions

That makes AI chat data far more valuable than ordinary browsing data.

How to Safely Unblock Any Website Without VPN (Works on PC & Mobile)

2. Browser extensions can see more than you think

Many Chrome extensions request permissions such as:

“Read and change all your data on websites you visit”

Once granted, an extension can technically observe everything happening in your browser tab, including AI chat interfaces.

3. Automatic updates change behavior silently

An extension that was harmless when installed can later be updated with new code — without obvious user notification.

According to researchers, this data-collection behavior appeared after a mid-2025 update, meaning long-time users may never have noticed the change.

Important clarification: This is not an AI platform issue

It is critical to separate facts from fear:

• ❌ This is not a vulnerability in ChatGPT, Claude, Gemini, or Grok

• ❌ This is not proof that AI companies are spying on users

• ✅ This is a browser extension privacy risk

If you access AI tools directly through their official websites or apps, without untrusted extensions installed, there is no indication you are affected.

3 VPNs That Pass All Tests (2025)

1. NordVPN: Zero leaks in tests, RAM-only servers, and Threat Protection to block malware.
2. Surfshark: Unlimited devices, Camouflage Mode for bypassing VPN blocks, and CleanWeb ad-blocker.
3. ExpressVPN: Trusted Server tech (data wiped on reboot) and consistent streaming access.

What users should do immediately

1. Check your browser extensions

• Open:

  • chrome://extensions (Chrome)

  • edge://extensions (Edge)

• Review all installed extensions carefully

• Remove any VPN or privacy tools you don’t fully trust or no longer need

2. Uninstall suspicious extensions

If you have Urban VPN Proxy or similar free VPN extensions installed and no longer require them, security experts recommend uninstalling them as a precaution.

3. Reset sensitive passwords

If you discussed private matters in AI chats while the extension was active:

• Change passwords

• Enable two-factor authentication (2FA)

• Monitor accounts for unusual activity

4. Clear browser data

Clear cache, cookies, and site data to remove stored session information.

7 Best Antivirus with VPN to Protect from Malware and Privacy Threats

Best practices for safe and ethical AI usage

• Avoid sharing highly sensitive personal data in AI chats

• Use AI tools in clean browser profiles without extra extensions

• Read extension privacy policies, not just ratings

• Be skeptical of “free” privacy tools — operating costs are often paid with data

• Audit browser permissions regularly

Common mistakes users make

• Trusting “Featured” or high-rating extensions blindly

• Installing VPNs without understanding how they make money

• Assuming browser add-ons are safer than apps

• Ignoring update logs and permission changes

• Believing “free” always means harmless

Why this matters beyond one extension

This incident highlights a broader issue:

Your browser is the most sensitive application you use.

Anything with full browser access can potentially see:

• Emails

• Password fields

• AI chats

• Forms

• Work dashboards

As AI becomes more personal and conversational, browser-level surveillance becomes more dangerous than traditional tracking.

Final thoughts

This case serves as a reminder that privacy risks don’t always come from the platforms we use — they often come from the tools we install around them.

AI chatbots are becoming trusted spaces for thinking, planning, and self-reflection. That trust deserves protection.

Be selective. Be skeptical. And always remember:

If a service is free, the real cost may be invisible.

Sources

• Malwarebytes: Chrome extension slurps up AI chats after users installed it for privacy

• Koi Security: Independent browser extension investigation