This is a cautionary tale for all of you who install extensions to Chrome or add-ons to Edge browsers willy-nilly. Security firm Koi has revealed that browser extensions with more than 8 million combined users are quietly collecting complete AI chatbot conversations and selling that data for marketing purposes.
The extensions, many of which are promoted as privacy tools and carry “Featured” badges in major browser stores hosted by Google and Microsoft, have been found to intercept users’ interactions with popular AI platforms and transmit them to third-party servers – often without clear or explicit disclosure to users, according to the Koi research as reported by Ars Technica.
First and foremost, these are the browser extensions that have been flagged by the Koi report for suspicious activity…
On the Chrome Store:
Urban VPN Proxy: 60 lakh+ users
1ClickVPN Proxy: 6 lakh+ users
Urban Browser Guard: 40,000+ users
Urban Ad Blocker: 10,000+ users
Edge Add-ons:
Urban VPN Proxy: 13 lakh+ users
1ClickVPN Proxy: 36,000+ users
Urban Browser Guard: 12,000+ users
Urban Ad Blocker: 6000+ users
Also read: Google’s increasing Chrome security for agentic AI actions with User Alignment Critic model
Security researchers at Koi found that the above mentioned eight popular extensions – many of them marketed as VPNs or ad blockers – inject custom scripts directly into AI chat platforms. Once there, those scripts intercept every interaction before the browser even knows what happened.
Instead of relying on standard browser networking calls, the extensions reroute traffic through their own code. The info they stole and rerouted included prompts, responses, timestamps, session metadata, and even the specific AI model in use. All of it was captured wholesale, compressed, and sent to servers controlled by the extension developer.
This wasn’t limited to one chatbot or one platform. Conversations across ChatGPT, Claude, Gemini, Copilot, Perplexity, and others were all fair game, according to Koi. Worse, the data harvesting runs independently of the extension’s headline features.
The most jarring detail is how openly this behaviour contradicts the extensions’ marketing. Turning off VPN routing or ad blocking doesn’t stop it. The only real off switch is uninstalling the extension entirely.
According to Koi, if you have any of the above mentioned extensions or addons on your Chrome or Edge browsers, immediately delete them. If you use AI chatbots for anything sensitive, audit your web browser extensions today. Remove anything you don’t absolutely need. If you installed one after July, assume your AI conversations may already be out of your control.
If anything, this episode is a timely reminder that browser extensions should be treated like full-fledged applications – not harmless accessories. Read permissions carefully. Favour well-documented, open-source tools whenever possible.
More broadly, it’s worth rethinking how much trust we place in AI chat interfaces. These platforms already come with limited guarantees around privacy. Why add unnecessary opaque third-party software into that process and multiply your privacy risk even more?
Lastly, the most unsettling part of this story. Seven of these extensions carried “Featured” badges in official stores operated by Google and Microsoft. As we all know, such badges aren’t ornamental in nature – they are symbols of trust. They tell users, implicitly, that someone has checked under the hood.
So how did this slip through? How does code that silently intercepts and monetizes AI conversations meet quality and privacy standards? And why were disclosures so buried that a normal user would never reasonably understand what was happening?
Users deserve clarity on what safeguards exist, how featured extensions are audited, and what happens next. Because if this is what slips through when the system is working as intended, then trust in these popular web browsers will ultimately take a huge hit going forward.
Also read: Google Chrome users alert! Hackers can steal your sensitive data if you don’t do this
