FindArticles

Chrome Extensions Left Open Millions That Could See AI Chats Stolen

Last updated: December 18, 2025 5:22 pm
By Gregory Zuckerman

Some popular Chrome and Edge extensions have been surreptitiously recording user conversations with all sorts of artificial intelligence entities by sending the audio files to remote servers. The behavior impacts millions, the cybersecurity firm Koi claims, and is turned on by default, leading to immediate advice to delete the implicated add-ons.

What Koi Found Inside Popular AI Chat Browser Extensions

Koi’s team, which is headed by co-founder and CTO Idan Dardikman, harnessed its agentic-AI risk engine, Wings, to search for browser extensions that inject scripts on AI chat sites. The company says that several extensions execute “executor” scripts which read all conversations in raw form anytime a user loads popular chatbot pages, and then exfiltrate the data. There’s no user-facing control to disable it, Koi said; the collection seems hardcoded and on by default.


Many individual users accept that the platform owner is allowed to keep chats under certain policy conditions, says Koi. What they are not prepared for is third-party add-ons vacuuming up the same content, particularly when those add-ons are promoted as harmless utilities such as free VPNs, proxies and ad blockers.

The Extensions Named and How Many Users They Reached

The highest-profile case is Urban VPN Proxy, which had more than 7 million installs across the Chrome and Edge stores, Koi says. Also flagged: 1ClickVPN Proxy, Urban Browser Guard and Urban Ad Blocker. In total, the extensions have exceeded 8 million users across both web stores, with 1ClickVPN Proxy alone reaching over 600,000 installs.

According to Koi, the extensions were aimed at chats with leading AI services such as ChatGPT, Claude, Gemini, Microsoft Copilot (they share this service on GitHub), Perplexity, DeepSeek, Grok from xAI and Meta AI. Scripts were customised for each platform to increase the likelihood of catching complete conversations as opposed to short snippets.

Koi noted that Urban VPN’s developer lists AI chat collection in its privacy policy. But that part wasn’t really represented in its store listing, and very few people read wall-of-text policies. Chrome Web Store policies do not allow web browsing activity to be sent to a server unless the collection of such data is prominently disclosed in the extension’s Chrome Web Store listing and “Privacy practices” section of the listing, as well as in the product UI, such that it is easily and immediately viewable or accessible prior to installation or sign-in — all principles these extensions must have violated.

Store Oversight Under Scrutiny on Chrome and Edge

The extensions were removed from the Chrome Web Store after Koi revealed their existence. They were still available in the Microsoft Edge Add-ons store at the time of Koi’s report, with 1ClickVPN Proxy listed as “Featured.” Koi also points out that Urban VPN Proxy once wore a “Featured” badge in the Chrome store, a label that implies human review for quality and security. That raises questions about how thoroughly professionals inspect code for invasive data collection, even for listings promoted by the platforms that run the stores.

Why This Exposes Your Data and Raises Compliance Risks

AI chats tend to involve sensitive material: draft contracts, medical or travel information, API keys, source code and future internal strategy. Some companies have restricted use of chatbots after employees pasted proprietary data into prompts; Samsung’s clampdown was a prominent case. If that data were being siphoned off by extensions, companies would risk leaking trade secrets, while individuals could be exposed to identity theft, account takeovers or doxing.


It’s more than a privacy risk; it’s a compliance risk. Accidental transfer of data may be at odds with obligations under regimes such as GDPR, or industry rules about retention and processing. Because browser extensions run with elevated permissions, they can see page content in ways that are not obvious to the user. This is a classic supply chain issue at the browser level.

What to Do Now to Protect AI Chats and Browser Security

Koi’s advice is straightforward: Delete Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard and Urban Ad Blocker immediately. Then audit your remaining extensions, deleting any that request the ability to “read and change all your data on all websites” without a strong reason. Keep extensions to only those you really need, and only from honest developers with transparent, minimal data use.

If you have had sensitive conversations with chatbots, rotate any secrets and tokens that appeared in them, and consider also adjusting settings in the chat platform to wipe histories where possible. Use official apps only, or trusted open-source extensions that have been audited by a third party. In Chrome and Edge, disable “Allow in Incognito” for any extension that doesn’t need it, and keep an eye on extension version histories for unexpected permission changes.

Organizations should also implement extension allowlisting in the enterprise browser, block high-risk categories such as opaque VPN/proxy add-ons and scan managed endpoints to identify any unwanted extensions.
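As an added illustration of the audit and endpoint scan described above (not Koi's tooling and not code from the article), the following Python sketch reads the `manifest.json` of each installed extension and flags the names the article lists, all-sites access, and host patterns aimed at AI chat services. The hostnames in `AI_HOSTS`, the finding labels and the sample manifest are assumptions made for this example.

```python
import json
from pathlib import Path

# Names from the article. Installed manifests often hold a localized
# "__MSG_...__" placeholder instead, so a name miss proves nothing.
FLAGGED_NAMES = {"urban vpn proxy", "1clickvpn proxy",
                 "urban browser guard", "urban ad blocker"}
# Assumed hostnames for the AI services the article lists.
AI_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com",
            "copilot.microsoft.com", "perplexity.ai",
            "chat.deepseek.com", "grok.com", "meta.ai")
# Match patterns behind "read and change all your data on all websites".
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest: dict) -> list[str]:
    findings = []
    if str(manifest.get("name", "")).strip().lower() in FLAGGED_NAMES:
        findings.append("named-in-report")
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    patterns = {p for p in declared if isinstance(p, str)}
    if patterns & BROAD:
        findings.append("all-sites-access")
    # Substring match is deliberately loose: this is triage, not a verdict.
    if any(host in p for p in patterns for host in AI_HOSTS):
        findings.append("targets-ai-chat-host")
    return findings

def scan_profile(ext_dir: Path) -> dict[str, list[str]]:
    """ext_dir is a profile's Extensions folder: <id>/<version>/manifest.json."""
    results = {}
    for path in sorted(ext_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        findings = audit_manifest(manifest)
        if findings:
            results[path.parent.parent.name] = findings
    return results

# Constructed sample manifest, not taken from any real extension.
SAMPLE = {"name": "Example Proxy", "manifest_version": 3,
          "permissions": ["storage", "proxy"], "host_permissions": ["<all_urls>"],
          "content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["x.js"]}]}
if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

Point `scan_profile` at a browser profile's `Extensions` directory (on Linux, for example, `~/.config/google-chrome/Default/Extensions`); the keys of the result are extension IDs to review against the organization's allowlist.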

Security teams can align with OWASP guidance on supply-chain and client-side risks to create repeatable reviews as AI use proliferates throughout the business.

The Bottom Line on Uninstalling Risky Extensions Today

If any of these extensions were installed, Koi advises users to bear in mind that AI conversations since July 2025 could have been stored and potentially accessed by third parties. With millions of people affected and store vetting under scrutiny, the quick fix is for everyone to uninstall now, rotate any exposed credentials, and tighten up extension hygiene before typing another prompt.
