
The Hacker News reported this week (15 December 2025) that "security researchers [have] exposed a cybercrime campaign that has [hitherto] quietly hijacked popular Chrome and Edge browser extensions" used by some 4.3 million users worldwide.
A "threat group" spent seven years publishing harmless browser extensions, letting them "run clean to build trust and gain millions of installs", then suddenly "flipping them into malware via silent updates."
The Hacker News separately reported (also 15 December 2025) that a Chrome browser extension with a "Featured" badge and six million users has been observed silently gathering every prompt that users enter into AI chats.
The extension, called Urban VPN Proxy, is advertised as the "best secured Free VPN access to any website" and has a 4.7 rating in the Google Chrome Web Store.
In August 2025, another Chrome extension was reportedly observed collecting screenshots, system information, and users' locations.
Read more: Featured Chrome browser extension caught intercepting millions of users' AI chats
Read more: A Browser Extension Risk Guide
How should you respond?
Are free VPN extensions too good to be true?
Probably.
In theory, any browser extension could be similarly exploited.
So keep your use of browser extensions to the absolute minimum.
And look out for suspicious behaviour in your browser.
If an extension you installed a long time ago suddenly starts to behave differently (for example, unexpected pop-ups or performance issues), consider that it may have received a malicious update.
If you suspect foul play then uninstall the extension.
Better still, uninstall and reinstall the latest release of the browser application.
Finally, don't assume that a "Featured" badge in an online marketplace and millions of existing users mean an extension cannot become harmful at some future date.
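One way to spot the silent updates described above without waiting for visible symptoms is to compare the installed extensions against a saved baseline. The following is an added example, not code from The Hacker News or from the researchers; it assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json`, and the extension ids and manifests in `demo()` are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # patterns matching every site

def version_key(version):  # "2.10.0" -> (2, 10, 0), so versions compare numerically
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def inventory(ext_root):
    """Newest installed version of each extension under <ext_root>/<id>/<version>/."""
    found = {}
    for path in Path(ext_root).glob("*/*/manifest.json"):
        m = json.loads(path.read_text(encoding="utf-8"))
        hosts = set(m.get("host_permissions", []))
        hosts |= {p for p in m.get("permissions", []) if isinstance(p, str)}
        for script in m.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        entry = {"version": m.get("version", "0"), "broad": bool(hosts & BROAD)}
        old = found.get(path.parent.parent.name)
        if old is None or version_key(entry["version"]) > version_key(old["version"]):
            found[path.parent.parent.name] = entry
    return found

def compare(baseline, current):  # extensions that are new or changed since the baseline
    findings = []
    for ext_id, now in sorted(current.items()):
        before = baseline.get(ext_id)
        if before is None:
            findings.append((ext_id, "new since baseline"))
        elif now["version"] != before["version"]:
            note = "updated %s -> %s" % (before["version"], now["version"])
            if now["broad"] and not before["broad"]:
                note += ", now has access to all sites"
            findings.append((ext_id, note))
    return findings

def demo():
    # Constructed sample: placeholder ids and made-up manifests, not real extensions.
    ext_a, ext_b = "a" * 32, "b" * 32
    baseline = {ext_a: {"version": "2.1.0", "broad": False},
                ext_b: {"version": "1.0.3", "broad": False}}
    on_disk = {ext_a: {"name": "Sample A", "version": "2.2.0", "host_permissions": ["<all_urls>"]},
               ext_b: {"name": "Sample B", "version": "1.0.3", "permissions": ["storage"]}}
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in on_disk.items():
            folder = Path(root, ext_id, manifest["version"] + "_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return compare(baseline, inventory(root))
```

Against a real profile, save the result of `inventory()` as JSON once and pass it as the baseline on later runs; on Linux, Chrome's folder is typically `~/.config/google-chrome/Default/Extensions`. Most updates are routine, so treat the output as a review list, with a version change that also gains access to all sites as the entry to look at first.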
About The Hacker News
"The Hacker News (THN) stands as a top and reliable source for the latest updates in cybersecurity. As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike."
Subscribe to The Hacker News newsletter when you visit the following link.
And keep up to speed with the latest security threats affecting your Operating System, Web Browser and Website.
Read more: About 'The Hacker News' Media








