Yesterday, the security firm Koi exposed an extremely severe and damaging data theft incident. The free-to-use Chrome extension "Urban VPN Proxy" has been intercepting chat logs when users interact with AI platforms like OpenAI, Gemini, Claude, Grok, and DeepSeek while using the proxy. This data is then sent back to the Urban VPN Proxy company, which resells the user data to third-party platforms.

This extension had nearly climbed to the #1 spot on the Chrome Web Store's popular apps list and was even awarded the "Featured" badge by the Chrome Store. It has an installed base of over 6 million users.
Urban VPN operates by hijacking the browser's network requests and routing them to its own servers. Regardless of whether the user is actively using the VPN service, the extension continuously intercepts user chat data. This includes the user's prompts, the AI's responses, timestamps, and conversation IDs, all of which are harvested.
Furthermore, Koi stated that this mechanism for stealing user data was implanted in the code starting with the update released on July 9th of this year. This is undoubtedly a heavy blow to the web ecosystem. The Google Chrome team's review process for plugins must bear primary responsibility. Not only is the review efficiency low—often requiring days to approve simple data storage or multi-site request permissions—but it also failed to keep such malicious plugins out. I honestly think even Google's own Gemini could do a better job at reviewing code than this current system.
Reference: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
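
An extension can only read chat traffic on a site if its manifest grants it access to that site, so installed extensions can be audited for that access. The following is an added example, not code from Koi or from this post: it flags manifests whose content scripts or host permissions cover AI chat sites. The host list, the function names and the sample manifest are assumptions made for this example.

```python
import json
from pathlib import Path

# Assumption: hostnames picked here for the AI platforms the article names.
AI_HOSTS = ["chatgpt.com", "gemini.google.com", "claude.ai", "grok.com", "chat.deepseek.com"]

def pattern_covers(pattern, host):
    """True if the host part of a Chrome match pattern covers `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # wildcard covers the base host and its subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def audit_manifest(manifest):
    """Report which AI chat hosts an extension can script or request access to."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    host_pats = perms + manifest.get("host_permissions", [])  # MV2 keeps hosts in permissions
    script_pats = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    def covered(pats):
        return [h for h in AI_HOSTS if any(pattern_covers(p, h) for p in pats)]
    return {
        "name": manifest.get("name", "?"),
        "content_script_hosts": covered(script_pats),
        "host_permission_hosts": covered(host_pats),
        "api_permissions": sorted(set(perms) & {"proxy", "scripting", "webRequest"}),
    }

def scan_profile(extensions_dir):
    """Audit each <id>/<version>/manifest.json under a Chrome profile's Extensions dir."""
    reports = [{"path": str(p), **audit_manifest(json.loads(p.read_text(encoding="utf-8-sig")))}
               for p in Path(extensions_dir).glob("*/*/manifest.json")]
    return [r for r in reports if r["content_script_hosts"] or r["host_permission_hosts"]]

# Constructed sample manifest, not taken from any real extension.
SAMPLE = {
    "name": "Example VPN (constructed)",
    "permissions": ["proxy", "storage", "scripting"],
    "host_permissions": ["https://*.example.com/*"],
    "content_scripts": [{"matches": ["https://chatgpt.com/*", "https://*.claude.ai/*"]}],
}

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE), indent=2))
```

A hit is a prompt for review rather than proof of harvesting: many legitimate extensions request `<all_urls>`, while a VPN that ships content scripts aimed specifically at chat sites is harder to justify.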
