<p>Web browsers are critical gateways that enable an organization’s employees, partners and customers to access online resources, corporate systems, business applications and sensitive data, making their security a chief concern for organizations today.</p>
<p>The rise of hybrid work environments, increased reliance on SaaS applications and adoption of generative AI have made browsers more integral to business — and more vulnerable to threats — than ever.</p>
<p>”The 2025 Browser Security Report” from agentless AI and browser security vendor LayerX Security emphasized that browser extensions are organizations’ “largest unmanaged supply chain” and reported that GenAI now accounts for 32% of all corporate-to-personal data exfiltration, making it the leading vector for corporate data movement outside sanctioned environments.</p>
<p>Browsers are also a major attack vector. “2025 State of Browser Security Report” from enterprise browser vendor Keep Aware found that browser-based malware accounted for 70% of all observed malware events in the previous year.</p>
<p>Vendors have made significant strides in recent years to safeguard browsers, and <a href=”https://www.techtarget.com/searchsecurity/tip/Browser-detection-and-response-fills-gaps-in-security-programs”>specialized security software</a> can take browser security a step further. Yet browser security concerns remain, as evidenced by this week’s featured news stories.</p>
<section class=”section main-article-chapter” data-menu-title=”Privacy browser extension captures users’ AI chatbot conversations”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Privacy browser extension captures users’ AI chatbot conversations</h2>
<p>The Urban VPN Proxy browser extension, popular for its privacy protection claims, has been found to harvest user data from interactions with eight popular AI chatbots, including ChatGPT and Claude.</p>
<p>Researchers at Koi Security revealed that since version 5.5.0, the Chrome and Edge browser extension injects scripts into targeted AI platforms to intercept and exfiltrate conversation data, including prompts, responses and metadata, to Urban VPN’s servers. This data collection operates independently of the VPN functionality and cannot be disabled without uninstalling the extension.</p>
<p>While Urban VPN, affiliated with data broker
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: