Today’s Topics:
- Featured Browser Extensions Caught Harvesting AI Chat Data at Scale
- Actively Exploited WinRAR Flaw Draws Multiple APT Groups and CISA Action
- How can Netizen help?
Featured Browser Extensions Caught Harvesting AI Chat Data at Scale
A Chrome browser extension promoted as a trusted, “Featured” tool has been caught quietly collecting AI chat conversations at massive scale, raising serious questions about extension marketplace oversight and user consent in AI-heavy workflows.
Urban VPN Proxy, a Chrome extension with roughly six million users and a 4.7-star rating, was found intercepting and exporting every prompt and response exchanged with major AI platforms. That includes ChatGPT, Claude, Copilot, Gemini, Grok, Meta AI, DeepSeek, and Perplexity. The same extension also reports more than 1.3 million installs on Microsoft Edge.
The behavior was introduced in version 5.5.0, released July 9, 2025. From that point forward, AI data harvesting was active by default, controlled through hard-coded settings rather than user configuration. Anyone using the extension for its advertised VPN functionality effectively received new surveillance code without meaningful notice or opt-in.
The technical mechanism is direct and difficult for users to observe. The extension injects platform-specific JavaScript files into AI chat sessions, including scripts such as chatgpt.js and gemini.js. Once active, those scripts override standard browser networking interfaces, intercepting both fetch() and XMLHttpRequest() calls. Every AI interaction is routed through the extension before being sent onward, allowing the full conversation to be captured.
Captured data includes user prompts, AI responses, session identifiers, timestamps, platform details, and related metadata. That information is then transmitted to remote infrastructure controlled by Urban VPN, including analytics and statistics endpoints under the company’s domain.
Koi Security, which disclosed the activity, noted the practical risk created by automatic extension updates. Users who installed Urban VPN months or years earlier for basic proxy services woke up to a version that harvested sensitive AI conversations without fresh consent or clear disclosure. From a security perspective, that change materially alters the threat profile of the extension.
Urban VPN’s privacy policy was updated shortly before the release, acknowledging that AI prompts and outputs are collected. The policy frames the practice as support for “safe browsing” and marketing analytics, claiming that data is filtered, de-identified, and aggregated. At the same time, the company concedes that sensitive information may still be processed and that complete removal of personal data cannot be guaranteed.
More concerning is the downstream data-sharing model. One of the listed recipients of collected browsing data is BIScience, an ad intelligence and brand monitoring firm that owns Urban Cyber Security Inc. The policy states that BIScience receives raw, non-anonymized data to generate commercial insights shared with business partners.
That relationship is not new. Earlier this year, independent researchers accused BIScience of collecting detailed clickstream data through third-party browser extensions under misleading disclosures. According to those findings, BIScience supplies SDKs to extension developers that funnel browsing data to infrastructure under its control, exploiting policy carve-outs in Chrome’s Limited Use requirements.
Urban VPN markets an “AI protection” feature that warns users when prompts contain personal data or when AI responses include suspicious links. The presentation suggests user safety controls. What it does not disclose is that AI conversation harvesting continues whether that feature is enabled or disabled.
As Koi Security described it, users receive warnings about sharing sensitive data with AI providers while the extension simultaneously sends that same data to its own servers for resale. From a risk standpoint, the protection messaging functions more as cover than control.
The issue extends beyond a single extension. Koi Security identified identical AI interception logic in three other tools published by the same developer: 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Combined, those extensions account for more than eight million installs across Chrome and Edge. Most carry “Featured” badges, signaling platform endorsement and quality review.
That badge carries weight. For many users, it represents an implicit trust signal from Google or Microsoft. Security teams often treat featured extensions as lower risk during audits. This case shows how easily that trust can be abused.
The broader takeaway is not limited to Urban VPN. AI chat interfaces now sit at the center of sensitive workflows. Users draft legal language, troubleshoot production systems, discuss health concerns, and disclose internal business context through these tools. Browser extensions operate at exactly the layer where that data passes in clear view.
Actively Exploited WinRAR Flaw Draws Multiple APT Groups and CISA Action
CISA has added a WinRAR vulnerability to its Known Exploited Vulnerabilities catalog following confirmation that multiple threat groups are actively abusing the flaw in real-world attacks.
The issue, tracked as CVE-2025-6218 and rated 7.8 on the CVSS scale, is a path traversal vulnerability in WinRAR for Windows. Successful exploitation allows an attacker to place files outside the intended extraction directory, opening a path to unintended code execution under the current user’s context. Exploitation hinges on user interaction, typically through opening a malicious archive delivered via phishing or visiting a hostile webpage.
RARLAB addressed the vulnerability in WinRAR version 7.12, released in June 2025. Only Windows builds are affected. Unix-based and Android versions remain unaffected.
At a technical level, the flaw enables attackers to write files into sensitive locations such as the Windows Startup folder or application template paths. This behavior can establish persistence that triggers execution on system startup or during normal application use, without relying on exploits that immediately draw attention from endpoint defenses.
Multiple security firms, including BI.ZONE, Foresiet, SecPod, and Synaptic Security, have documented exploitation by at least three distinct threat groups. The campaigns show consistent use of phishing-delivered RAR archives and deliberate targeting rather than indiscriminate mass distribution.
One set of attacks has been attributed to the Russian-linked group tracked as GOFFEE, also known as Paper Werewolf. BI.ZONE reported that the group combined CVE-2025-6218 with another WinRAR path traversal flaw, CVE-2025-8088, during phishing campaigns observed in July 2025. The activity focused on organizations inside Russia and relied on carefully crafted archives to place malicious files in execution paths.
The vulnerability has also been weaponized by the South Asia-focused Bitter APT, tracked as APT-C-08 or Manlinghua. Foresiet’s analysis shows the group using malicious RAR files that include a legitimate Word document alongside a malicious macro template. During extraction, the archive drops a weaponized Normal.dotm file into Microsoft Word’s global template directory.
Normal.dotm loads automatically every time Word is opened. By replacing the legitimate template, the attacker achieves persistent macro execution without relying on subsequent phishing emails or user interaction. This approach bypasses many email-based macro defenses since the malicious behavior occurs after the initial compromise.
Once persistence is established, Bitter deploys a lightweight downloader that retrieves a C# trojan from external infrastructure hosted at johnfashionaccess[.]com. The payload supports keylogging, screenshot collection, credential harvesting from RDP sessions, and file exfiltration. Campaign telemetry suggests spear-phishing remains the primary delivery method.
CVE-2025-6218 has also appeared in campaigns attributed to Gamaredon, a Russian state-aligned group known for sustained operations against Ukrainian government and military entities. In activity first observed in November 2025, the group used malicious WinRAR archives to deploy malware known as Pteranodon.
Researchers assessing the campaign described it as deliberate and mission-focused, aligning with military-oriented intelligence collection and disruption rather than opportunistic cybercrime. Follow-on analysis shows Gamaredon also abusing CVE-2025-8088 to deploy Visual Basic Script malware and a destructive wiper dubbed GamaWiper.
ClearSky assessed this activity as the first confirmed instance of Gamaredon engaging in destructive operations rather than its traditional espionage-focused tradecraft. That shift increases the risk profile of unpatched systems, particularly inside government and defense environments.
Given confirmed exploitation, CISA has directed Federal Civilian Executive Branch agencies to remediate affected WinRAR installations by December 30, 2025. Organizations outside the federal space should treat the timeline as a practical benchmark rather than a compliance formality.
How Can Netizen Help?
Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally.
Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.
Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.
Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.
