home.social

#browser_extension — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #browser_extension, aggregated by home.social.

  1. 🎯 AI
    ===================

    Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.

    Technical details:
    • The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
    • Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
    • Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
    • Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
    • The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.

    Analysis:
    • The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
    • Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.

    Detection guidance:
    • Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
    • Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.

    Limitations:
    • Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
    • No CVE identifiers or named threat actor attribution were provided in the disclosed findings.

    References / Tags:
    chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com

    🔹 ai #privacy #browser_extension #data_exfiltration

    🔗 Source: koi.ai/blog/urban-vpn-browser-

  2. 🎯 AI
    ===================

    Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.

    Technical details:
    • The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
    • Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
    • Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
    • Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
    • The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.

    Analysis:
    • The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
    • Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.

    Detection guidance:
    • Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
    • Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.

    Limitations:
    • Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
    • No CVE identifiers or named threat actor attribution were provided in the disclosed findings.

    References / Tags:
    chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com

    🔹 ai #privacy #browser_extension #data_exfiltration

    🔗 Source: koi.ai/blog/urban-vpn-browser-

  3. 🎯 AI
    ===================

    Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.

    Technical details:
    • The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
    • Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
    • Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
    • Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
    • The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.

    Analysis:
    • The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
    • Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.

    Detection guidance:
    • Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
    • Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.

    Limitations:
    • Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
    • No CVE identifiers or named threat actor attribution were provided in the disclosed findings.

    References / Tags:
    chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com

    🔹 ai #privacy #browser_extension #data_exfiltration

    🔗 Source: koi.ai/blog/urban-vpn-browser-

  4. 🎯 AI
    ===================

    Executive summary: Urban VPN Proxy, a Chrome extension with over 6 million users, was observed harvesting AI chat data across multiple platforms. The extension injects platform-specific executor scripts, overrides core browser network APIs, and forwards captured conversations to Urban VPN infrastructure.

    Technical details:
    • The extension deploys dedicated executor scripts (examples: chatgpt.js, claude.js, gemini.js) when targeted AI platform pages load.
    • Injected code wraps and overrides fetch and XMLHttpRequest so all request and response payloads for the page flow through the extension first.
    • Extracted fields include user prompts, model responses, conversation IDs, timestamps, session metadata, and the specific AI platform/model used.
    • Inter-script messaging uses window.postMessage with an identifier PANELOS_MESSAGE to pass parsed data to the extension content script.
    • The content script forwards packaged, compressed data to the background service worker, which transmits to endpoints such as analytics.urban-vpn.com and stats.urban-vpn.com.

    Analysis:
    • The approach is highly invasive: overriding fetch/XMLHttpRequest captures both outgoing prompts and incoming model outputs before rendering, exposing full conversation context.
    • Harvesting is independent of VPN functionality and enabled by hardcoded flags with no user-visible opt-out, increasing exposure risk for users who installed the extension for privacy reasons.

    Detection guidance:
    • Monitor outbound connections to analytics.urban-vpn.com and stats.urban-vpn.com from browser processes.
    • Inspect loaded extension scripts for executor filenames and for patterns overriding fetch/XMLHttpRequest and using window.postMessage with PANELOS_MESSAGE.

    Limitations:
    • Public reporting indicates the extension targeted ten AI platforms; specific historical timeline details were not fully enumerated in the source.
    • No CVE identifiers or named threat actor attribution were provided in the disclosed findings.

    References / Tags:
    chatgpt.js, claude.js, PANELOS_MESSAGE, analytics.urban-vpn.com

    🔹 ai #privacy #browser_extension #data_exfiltration

    🔗 Source: koi.ai/blog/urban-vpn-browser-