#browser_extension — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #browser_extension, aggregated by home.social.
-
🎯 AI
===================Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.
Technical details:
• The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
• Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
• Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
• Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
• The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.Analysis:
• The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
• Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.Detection guidance:
• Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
• Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.Limitations:
• Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
• No CVE identifiers or named threat actor attribution were provided in the disclosed findings.References / Tags:
chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com🔹 ai #privacy #browser_extension #data_exfiltration
🔗 Source: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
-
🎯 AI
===================Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.
Technical details:
• The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
• Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
• Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
• Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
• The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.Analysis:
• The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
• Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.Detection guidance:
• Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
• Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.Limitations:
• Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
• No CVE identifiers or named threat actor attribution were provided in the disclosed findings.References / Tags:
chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com🔹 ai #privacy #browser_extension #data_exfiltration
🔗 Source: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
-
🎯 AI
===================Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.
Technical details:
• The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
• Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
• Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
• Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
• The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.Analysis:
• The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
• Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.Detection guidance:
• Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
• Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.Limitations:
• Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
• No CVE identifiers or named threat actor attribution were provided in the disclosed findings.References / Tags:
chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com🔹 ai #privacy #browser_extension #data_exfiltration
🔗 Source: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
-
🎯 AI
===================Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.
Technical details:
• The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
• Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
• Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
• Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
• The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.Analysis:
• The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
• Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.Detection guidance:
• Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
• Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.Limitations:
• Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
• No CVE identifiers or named threat actor attribution were provided in the disclosed findings.References / Tags:
chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com🔹 ai #privacy #browser_extension #data_exfiltration
🔗 Source: https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection
-
Show HN: Extension for full-text browser history search
https://rearview-ai.vercel.app/
#ycombinator #browser_extension #history_management #browsing_history #AI_assistant #full_text_search -
Show HN: Extension for full-text browser history search
https://rearview-ai.vercel.app/
#ycombinator #browser_extension #history_management #browsing_history #AI_assistant #full_text_search -
Show HN: Extension for full-text browser history search
https://rearview-ai.vercel.app/
#ycombinator #browser_extension #history_management #browsing_history #AI_assistant #full_text_search -
Show HN: Extension for full-text browser history search
https://rearview-ai.vercel.app/
#ycombinator #browser_extension #history_management #browsing_history #AI_assistant #full_text_search -
Microsoft again bothers Chrome users with Bing popup ads in Windows
https://www.bleepingcomputer.com/news/microsoft/microsoft-again-bothers-chrome-users-with-bing-popup-ads-in-windows/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Advertisement #Bing #Bing_Chat #Browser_Extension #Google #Google_Chrome #Microsoft #Search_Engine #virus_removal #malware_removal #computer_help #technical_support -
Automa – Automate the browser by connecting blocks
https://www.automa.site/
#ycombinator #chrome #google_chrome #extensions #automa #browser_extension #extension #chrome_extension -
Automa – Automate the browser by connecting blocks
https://www.automa.site/
#ycombinator #chrome #google_chrome #extensions #automa #browser_extension #extension #chrome_extension -
Automa – Automate the browser by connecting blocks
https://www.automa.site/
#ycombinator #chrome #google_chrome #extensions #automa #browser_extension #extension #chrome_extension