We thought talking to ChatGPT and other AIs was private. We hadn't counted on these extensions stealing our conversations

There are matters that we would not publish on social networks or say out loud. And yet there they go, flowing in a cascade of messages towards an artificial intelligence (AI) chatbot, as if it were our best friend. There are no glances, no judgment, no awkward silences. There are answers that, many times, are limited to proving us right or persuading us. But beyond that, an uncomfortable question appears: what if everything we have told it could end up in the hands of a third party? What if someone else is reading those conversations? Opting out of model training or hardening our account may not be enough. There is another threat reaching millions of users these days, and they may not even be aware of it: browser extensions that spy on and steal what is said to chatbots.

At the top of the list is Urban VPN Proxy, a Chrome extension with more than 6 million users, rated 4.7 stars, that until the publication of the cybersecurity report we discuss today carried a "Featured" badge on Google, something we can still verify in a version archived at the Internet Archive.

The discovery. What has set off the alarms is a report published by Koi, a company specialized in cybersecurity. It is not a generic warning or a hypothesis, but the result of analyzing what these tools do in the background while we browse. When looking at popular extensions, the kind installed to gain privacy or security, its researchers detected a worrying pattern: some were capable of reading conversations held with AI chatbots and sending them outside the browser.

A much larger attack surface. The investigation indicates that Urban VPN Proxy did not target a single AI provider, but a broad set of popular platforms. ChatGPT, Claude, Gemini and Microsoft Copilot appear among the monitored services, greatly expanding the volume and diversity of data potentially captured.

These conversations are not trivial: they often include intimate questions, financial information or details of ongoing projects. Access to this type of exchange therefore involves a very delicate level of exposure.

How conversations are captured. According to the research firm, the mechanism does not depend on vulnerabilities in the chatbots themselves, but on the privileged position that extensions occupy within the browser. Urban VPN Proxy monitors active tabs and, when the user accesses an AI platform, injects code directly into the page. This code intercepts the requests and responses exchanged with the server before the browser displays them on screen, giving access to the full content of the conversation in real time.

What Urban VPN Proxy extracted were not jumbled fragments, but entire conversations with their associated context. Koi documents the systematic capture of user messages, AI responses, identifiers for each chat and timestamps that allow them to be sorted and related to each other. This type of information, cross-referenced over weeks or months, allows very precise usage patterns to be drawn. From work habits to personal concerns, the value of the whole lies precisely in its continuity, not in any single message.

The content script that forwards the data

It does not depend on the VPN being on. One of the most important nuances of the report is that conversation capture is not tied to use of the VPN service itself. The mechanism, they explain, works independently, even when the VPN is disabled. Having the extension installed is enough for the code responsible for intercepting conversations to keep operating in the background. There is no user-accessible switch that disables this collection short of removing the extension entirely.

Conversation collection was not there from the beginning. According to the analysis, Urban VPN Proxy did not include this behavior in earlier versions of the extension. The turning point came on July 9, 2025, when an update was released that activated the capture of conversations with AI platforms by default. From then on, any user with the extension installed and automatic updates enabled began running that new code, without a notice proportionate to the change in behavior and without having to expressly accept the modification.

What does "AI protection" promise? In the extension's tab and in its messages to the user, Urban VPN Proxy presents this feature as an additional layer of security. According to its description, it serves to warn when personal data is entered into a chatbot or when a response includes potentially dangerous links. The problem is that this layer of notifications is not directly related to the collection of conversations. Turning the warnings on or off does not stop messages from being intercepted and sent to the company's servers.

The investigation did not stop at Urban VPN Proxy. By tracing the origin of the code and its behavior, Koi found that the same conversation capture logic appeared in other extensions published by the same publisher. Some present themselves as VPNs, others as ad blockers or browser security tools. Together they add up to more than 8 million users across Chrome and Edge, which widens the scope of the problem and explains why the researchers talk about an ecosystem rather than an isolated anomaly.

Identified extensions for Chrome:
Urban VPN Proxy
1ClickVPN Proxy
Urban Browser Guard
Urban Ad Blocker

Identified extensions for Microsoft Edge:
Urban VPN Proxy
1ClickVPN Proxy
Urban Browser Guard
Urban Ad Blocker

Who is behind it. Urban VPN Proxy is operated by Urban Cyber Security Inc., a company linked to BiScience, a data intermediation firm, a data broker, as Koi describes it. Koi recalls that BiScience had already been the subject of earlier investigations by other cybersecurity researchers for the collection and commercialization of browsing data.

The report frames this case as an evolution of those practices, going from collecting browsing habits to capturing complete conversations held with artificial intelligence systems. The finding also puts the focus on how the user is informed. The extension generically mentions the processing of data related to AI services …

A single click and goodbye to our passwords. This is the vulnerability that affects the browser extensions of several password managers

We trust our password managers as if they were digital safes. But according to researcher Marek Tóth, just visiting the wrong website and clicking in the wrong place is enough to put that armor at risk. The technique presented at DEF CON 33 does not target the applications, but the extensions we use daily in the browser. In his tests, he states that this gesture can trigger information theft without the user noticing.

The research, made public at one of the main international computer security conferences, documents how eleven password manager extensions could be manipulated into leaking data. Tóth states that he notified the manufacturers of the finding in April 2025 and that by mid-August several still had not received fixes. The study includes practical tests, websites built to demonstrate the flaw and an estimate of its reach: around 40 million potentially exposed active installations.

How the attack works and why it affects you

The technique described by Tóth is based on hiding the elements that the extensions insert into the page so that the user interacts with them without seeing them. With minimal changes in opacity or an overlay, the attacker gets the autofill to trigger in the background. And there are several ways to achieve it, from manipulating the extension's root element to altering the entire body of the site, plus overlay-based variants.

The most delicate scenario appears when a trap website is not even necessary: it is enough to take advantage of a legitimate page with a security flaw. In those cases, he explains, the attacker can capture login credentials. The risk grows because many managers fill data not only on the original domain, but also on its subdomains, which expands the attack surface without the user noticing.

According to data published by Tóth and collected by Socket on August 19, 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass and LogMeOnce were still listed as vulnerable. On August 20, Socket updated its post to say that Bitwarden had shipped version 2025.8.0 with a patch, pending distribution to the extensions. Among the managers that did apply corrective measures are NordPass, Dashlane, Keeper, Proton Pass and RoboForm. Of course, this list can change at any time if other companies publish fixes after the disclosure.

Password manager extension for the browser

The manufacturers' reaction was uneven. Socket points out that 1Password and LastPass classified the finding as "informative", a category that usually implies no immediate changes. Bitwarden, Enpass and Apple (iCloud Passwords) confirmed that they are working on updates, while LogMeOnce did not respond to contact attempts. Some companies admitted the risk exists, but attributed it to external vulnerabilities in the sites visited.

While some developers decide how to act, Tóth and the Socket team agree that there are practical measures to reduce exposure. One of the most effective is to disable automatic autofill and fall back on copy and paste. It is also recommended to configure autofill only for exact URL matches, preventing it from working on subdomains. In Chromium-based browsers, the extension's site access can be limited with the "On click" option, so that the user explicitly authorizes each use.

The researcher shows how it is possible to overlay invisible elements on the page to deceive the user and trigger the password manager without them realizing it

Not everything is as immediate as clicking and losing everything. For the attack to succeed, the extension must be unlocked, the browser must not have been restarted and the user must interact at the right moment. In addition, the analysis focused only on eleven extensions. There is no evidence that all solutions on the market are vulnerable, although the expert warns that the pattern can repeat in other kinds of extensions.

The weak point is in the DOM, the internal structure websites use to organize buttons, forms or menus. Password managers insert their elements there, and if a malicious page manages to move, hide or force them, the user can end up clicking without realizing it. That same risk extends to other extensions such as cryptocurrency wallets or note-taking applications.

Images | Xataka with Gemini 2.5

In Xataka | How to change all our passwords according to three cybersecurity experts
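The two mitigations above (fill only on an exact URL match, and never act on an element the user cannot see) can be expressed as checks the extension runs before writing a credential. This is an added example, not code from Marek Tóth, Socket or any password manager; the DOM is stood in for by plain style objects so it runs under Node, and the `rect`/`coveredByOther` inputs are assumptions standing in for real layout queries.

```javascript
// Added example, not code from Marek Tóth, Socket or any password manager:
// two guards an autofill extension can apply before filling a credential,
// corresponding to the mitigations described above. (1) Fill only on an
// exact-origin match, never on a subdomain, and (2) refuse to fill when the
// injected UI element would be invisible to the user (opacity, display,
// visibility, zero size, or covered by another element). The DOM is stood in
// for by plain objects so this runs under Node without a browser.

// Policy check: stored credential origin vs. page origin.
function originMatches(storedUrl, pageUrl, { exactOnly = true } = {}) {
  const a = new URL(storedUrl), b = new URL(pageUrl);
  if (b.protocol !== "https:") return false;            // never fill over plain HTTP
  if (a.host === b.host) return true;                   // same hostname and port
  // Subdomain matching is what widens the attack surface; allow it only if opted in.
  return !exactOnly && b.hostname.endsWith("." + a.hostname);
}

// Visibility heuristic over the element and its ancestors, innermost first.
// Each entry is a constructed style object: { opacity, display, visibility }.
// `rect` is the innermost element's bounding box in viewport coordinates.
function isVisiblyRendered(styleChain, { rect, coveredByOther = false } = {}) {
  let opacity = 1;
  for (const s of styleChain) {
    if (s.display === "none" || s.visibility === "hidden") return false;
    opacity *= Number(s.opacity ?? 1);                  // opacity compounds through ancestors
  }
  if (rect && (rect.width < 1 || rect.height < 1 || rect.right <= 0 || rect.bottom <= 0)) return false;
  // A near-zero opacity is the clickjacking trick: present in the DOM, absent to the eye.
  return opacity >= 0.9 && !coveredByOther;
}

// Combined decision the extension would take before writing into the form.
function shouldAutofill({ storedUrl, pageUrl, styleChain, rect, coveredByOther }) {
  return originMatches(storedUrl, pageUrl) && isVisiblyRendered(styleChain, { rect, coveredByOther });
}
```

`coveredByOther` stands in for a real elementFromPoint() check at the element's center. These heuristics raise the bar but a page that controls the DOM can still look for gaps, which is why the user-side settings mentioned above (exact URL matching, site access on click) remain the stronger control.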

In Chrome and Edge there are extensions with thousands of positive ratings. Many are part of malicious campaigns

Many times we install extensions without thinking too much. They do something concrete, take up little space and are there when we need them. Some even have thousands of reviews, good ratings and years of presence in the store. Now we know that an investigation has uncovered that several of them hid a surveillance system capable of following our steps across the web. They were not obvious scams: they were useful, well-made tools and, above all, silent.

The extension that uncovered the problem. "Picker color, Eyedropper – Geco Colorpick" was one of many useful extensions. It let you pick colors from anywhere on the screen and it worked well. More than 100,000 users had it installed, with positive ratings and a verification badge included. In anyone's eyes there was no reason to distrust it. According to Koi Security researchers, for a long time it was completely legitimate. Until it was not. In one of its updates, without warnings or visible changes for the user, the extension began logging the pages visited and sending that information to a remote server. It also maintained an active connection with a control infrastructure.

That was just the beginning. When digging into the case, the researchers detected common patterns in its code and behavior. What they found was a broader, coordinated network that they named 'RedDirection'. According to the report, at least 18 different extensions were part of this operation. All were available in the Chrome and Edge stores, and together they accumulated more than 2.3 million installations. Some posed as productivity tools, others as entertainment utilities. There were emoji keyboards, video speed controllers, weather extensions, dark themes or supposed VPNs to unblock services such as TikTok or Discord. All with something in common: they offered a legitimate function … while spying in the background.

What they did was not install classic malware. These extensions implemented a browser hijacking system that activated every time the user opened a new tab or navigated to another page. The malicious code was hidden in the extension's background service and did not interfere with its main functionality. The mechanism worked like this: every time a website loaded, its URL was sent to a remote server along with a unique user identifier. From there, the attackers could order an automatic redirection to a fake page or simply log the activity. Everything happened in the background, without alerts, without pop-up windows, without visible failures.

The extensions were not malicious from day one. And that is what makes this campaign especially dangerous. According to the researchers, many of them spent months, or even longer, offering their functionality without any suspicious behavior. Everything changed with an update. The technical team maintains that the malicious code was introduced in later versions, when the extensions already had the trust of thousands of users. And since browsers update automatically, the change was applied without anyone noticing. No click was needed. No social engineering. No phishing.

And the mechanisms designed to protect the user? Several of the malicious extensions were verified or appeared as featured on the Chrome and Edge platforms. Others accumulated positive reviews and a solid user base. All of that helped the change in behavior go unnoticed.

These are the extensions directly linked to the RedDirection campaign, according to the analysis carried out by Koi Security researchers. All of them offered apparently legitimate functions, but were identified as part of the same browser hijacking scheme:

Picker Color, Eyedropper – Geco Colorpick
Emoji Keyboard Online – Copy & Paste Your Emoji
Free Weather Forecast
Weather
Speed Controller Video – Video Manager
Unlock Discord – VPN Proxy to Unblock Discord Anywhere
Unblock TikTok – Seamless Access With One-Click Proxy
Unlock YouTube VPN
Dark Theme – Dark Reader for Chrome
Volume Max – Ultimate Sound Booster
Volume Booster – Increase Your Sound
Web Sound Equalizer
Flash Player – Games Emulator
Header Value
Unlock TikTok
Volume Booster
Web Sound Equalizer
Flash Player

According to BleepingComputer, some of these extensions have already been removed from the Chrome and Edge stores, but others are still available for download. Both Google and Microsoft have been notified by the Koi Security team, but for now they have not taken general measures on the full set of extensions detected in the campaign.

Images | Koi Security | Screen capture

In Xataka | There is something we are not doing enough of and should for our own security: deleting old accounts
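The beaconing pattern described above (every visited URL sent to one remote host, together with a stable user identifier, right after each page load) is something a defender can look for in recorded browser traffic. The following is an added example, not from Koi Security's report: it runs a detector over a constructed event log, and the record layout, extension ids and hosts are assumptions.

```javascript
// Added example, not from Koi Security's report: a detector for the pattern
// described above, where an extension sends every visited URL together with
// a stable user identifier to one remote host right after each page load.
// Input is a constructed event log (navigations plus extension-initiated
// requests) of the kind one can assemble from a proxy or from chrome://net-export;
// the record layout, the extension ids and the hosts are assumptions.

const EVENTS = [ // constructed sample; t is milliseconds
  { t: 1000, type: "nav", url: "https://news.example/a" },
  { t: 1040, type: "req", ext: "ext-colorpick", host: "collect.example", body: "uid=7f3a&u=https://news.example/a" },
  { t: 2000, type: "nav", url: "https://shop.example/cart" },
  { t: 2035, type: "req", ext: "ext-colorpick", host: "collect.example", body: "uid=7f3a&u=https://shop.example/cart" },
  { t: 2100, type: "req", ext: "ext-weather", host: "api.weather.example", body: "city=Madrid" },
  { t: 3000, type: "nav", url: "https://bank.example/login" },
  { t: 3050, type: "req", ext: "ext-colorpick", host: "collect.example", body: "uid=7f3a&u=https://bank.example/login" },
];

// Flags an extension when, for at least `minRatio` of navigations, it sent a
// request within `windowMs` that carries the navigated URL, always to the same
// host and always with the same identifier value.
function findBeaconingExtensions(events, { windowMs = 500, minRatio = 0.8 } = {}) {
  const navs = events.filter(e => e.type === "nav");
  const perExt = new Map();
  for (const e of events) {
    if (e.type !== "req") continue;
    const st = perExt.get(e.ext) ?? { hosts: new Set(), uids: new Set(), hits: 0 };
    st.hosts.add(e.host);
    const m = /(?:^|&)uid=([^&]+)/.exec(e.body);       // stable-id field; the name is assumed
    if (m) st.uids.add(m[1]);
    const echoesNav = navs.some(n => e.t >= n.t && e.t - n.t <= windowMs && e.body.includes(n.url));
    if (echoesNav) st.hits++;
    perExt.set(e.ext, st);
  }
  const flagged = [];
  for (const [ext, st] of perExt) {
    const ratio = navs.length ? st.hits / navs.length : 0;
    if (ratio >= minRatio && st.hosts.size === 1 && st.uids.size === 1)
      flagged.push({ ext, host: [...st.hosts][0], uid: [...st.uids][0], ratio });
  }
  return flagged;
}
```

A real request body would URL-encode the navigated address, so decode it before the includes() check. The same correlation applied to the server's responses would also surface the redirect instructions the article mentions.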

Chrome's extensions have a big problem. Anyone can buy them and fill them with malware without anyone finding out

One day John Tuckner decided to try being evil. He found a browser extension called "Website Blocker" that he could buy for $50, and he bought it. The extension, which lets the user block certain websites for a while so as not to be distracted by them, was especially interesting because it could be repurposed for spam attacks. And then things happened.

Problem in sight. In just a few days he had control of the extension and could do whatever he wanted with it. He modified the code, published the update and confirmed that the changes had reached all users without being noticed. And then he told what was happening: he is the founder of the cybersecurity company Secure Annex, and he wanted to confirm his fears. There is great danger with extensions: anyone can buy them, modify them and repurpose them for all kinds of ends. Google reviews the modifications, but "it is not clear to what level of scrutiny," Tuckner explained.

Another recent case. At the end of January the creator of the Browser Boost Extra Tools for Chrome extension sold the project and transferred it to its new owner. Its 30,000 users were soon exposed to new code that dynamically redirected websites as the new owner unilaterally decided.

It wasn't me. One of the extension's users warned of the problem in the extension's GitHub repository and analyzed the code, flagging the danger of malware that could arrive through the new owner. The creator, n0m1111, explained that he had sold the extension months ago and was no longer responsible for the code.

Playing with permissions. These extensions often ask for permissions over all kinds of browser parameters. Tuckner explained how the extension he bought used a permission called "declarativeNetRequest" that was very broad and allowed users to be redirected to fake authentication sites to steal their passwords. Other permissions would allow the owner of an extension to take screenshots containing sensitive information or access the cookies the browser keeps in order to steal data from browser sessions. The possibilities are many, and in Xataka we already talked a few months ago about how extensions are becoming a silent method of infecting users.

A recent attack. In February, GitLab's Threat Intelligence team discovered a group of 16 Chrome extensions "used to inject code into browsers to facilitate advertising and SEO fraud." Between them they added up to 3.2 million users, and GitLab confirmed that the extensions had been bought and then modified, which allowed them to avoid suspicion from users and the industry itself. These experts notified Google of the problem, and the company removed them all in January 2025.

Block extensions, the solution. If you want to protect yourself from these problems, the solution is to block the execution of extensions in your browser, especially on computers that handle sensitive data such as work machines. Unless they are trusted extensions, these kinds of problems can cause serious security issues.

Care with permissions. Browser extensions can end up being bought, sold and repurposed without notice by their new owners, as has been the case. That poses a serious problem for users and companies, which before installing an extension should pay close attention to the permissions those extensions request in order to work.

What Google says. In Xataka we have contacted Google and will update this article if we receive new information on the matter. Be that as it may, the company offers a help document on this subject and has also indicated, in an article on its official blog, how to stay safe when using extensions in Google Chrome.

In Xataka | Those responsible for the Robinson list confirm that it has not been hacked and that no data was stolen (updated)
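Both the first article (a content script injected into AI chatbot pages) and this one (broad or high-impact permissions such as declarativeNetRequest and cookies) come down to what an extension declares in its manifest, which anyone can inspect before installing or after an update. The following static audit is an added example, not code from Koi, Secure Annex or any extension mentioned; the AI host list, the permission list and the sample manifest are assumptions of the example.

```javascript
// Added example, not code from Koi, Secure Annex or any extension mentioned:
// a static audit of an unpacked extension's manifest.json (Manifest V3 keys)
// for the two things described in these articles, content scripts injected
// into AI chatbot pages (the Urban VPN Proxy case) and broad or high-impact
// permissions such as declarativeNetRequest or cookies (the purchased
// extensions). The AI host list, the permission list and the sample manifest
// are assumptions of this example.

const AI_HOSTS = ["chatgpt.com", "chat.openai.com", "claude.ai", "gemini.google.com", "copilot.microsoft.com"];
const BROAD = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];
const HIGH_IMPACT = ["declarativeNetRequest", "declarativeNetRequestWithHostAccess", "webRequest",
                     "cookies", "tabs", "scripting", "desktopCapture"];

// Does a Chrome match pattern such as "*://*.claude.ai/*" cover `host`?
function patternCoversHost(pattern, host) {
  if (BROAD.includes(pattern)) return true;
  const m = /^(\*|https?|wss?|ftp):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false;
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) { const base = h.slice(2); return host === base || host.endsWith("." + base); }
  return h === host;
}

// Returns a list of findings; an empty list means nothing of interest was declared.
function auditManifest(manifest) {
  const findings = [];
  for (const cs of manifest.content_scripts ?? []) {
    for (const p of cs.matches ?? []) {
      const hosts = AI_HOSTS.filter(h => patternCoversHost(p, h));
      if (hosts.length) findings.push({ kind: "content_script_on_ai_host", pattern: p, hosts, js: cs.js ?? [] });
    }
  }
  for (const p of manifest.host_permissions ?? [])
    if (BROAD.includes(p)) findings.push({ kind: "broad_host_permission", pattern: p });
  for (const p of manifest.permissions ?? [])
    if (HIGH_IMPACT.includes(p)) findings.push({ kind: "high_impact_permission", permission: p });
  return findings;
}

// Constructed manifest that exhibits the pattern; it is not any real extension's manifest.
const SAMPLE_MANIFEST = {
  manifest_version: 3, name: "Example VPN", version: "1.0",
  permissions: ["proxy", "storage", "declarativeNetRequest", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://chatgpt.com/*", "*://*.claude.ai/*", "*://gemini.google.com/*"],
                      js: ["ai-guard.js"], run_at: "document_start" }],
};

// Audit a manifest.json on disk, e.g. from the unpacked extension directory.
function auditManifestFile(path) {
  return auditManifest(JSON.parse(require("fs").readFileSync(path, "utf8")));
}
```

Because the extensions in these articles turned malicious through updates, the audit is only meaningful if repeated on every new version; pair it with a runtime check of where the extension actually sends data.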
