Is Urban VPN Proxy safe to use?

Urban VPN Proxy has a risk level of CRITICAL with an overall risk score of 8.2/10. Our scan detected 91 security findings. This extension has significant security concerns — review the full report before installing.

What permissions does Urban VPN Proxy request?

Urban VPN Proxy requests the following permissions: webRequestAuthProvider, offscreen, alarms, management, proxy, scripting, storage, tabs, webNavigation, webRequest, privacy. It also requests host access to: , https://*.bugsnag.com/*, https://*/*, http://*/*.

What is Urban VPN Proxy's risk score?

Urban VPN Proxy has an overall risk score of 8.2/10 (CRITICAL). Breakdown: Permissions 8.5/10, Code 10.0/10, Combinations 10.0/10, CSP 7.1/10.

ExtSafe

Urban VPN ProxySecurity Analysis

Chromev5.12.0MV3March 16, 2026 at 08:24 PM

Dangerous

This extension exhibits behaviors commonly associated with malware. Installation is not recommended.

Known Security Incidents(1)

Critical2025-01Active

Harvesting AI chat data and selling to brokers

Urban VPN was caught intercepting and collecting user conversations with AI chatbots, then selling this data to third-party data brokers.

8.2CRITICAL

8.2 CRITICALRaw: 9.1

This extension shows critical risk indicators. It requests highly sensitive permissions combined with suspicious code patterns. Proceed with extreme caution.

Based on 15 permissions including high-risk ones, 80 code findings, 4 dangerous combinations.

Trust Signals(2.0/10)

Rating

3.7(61K reviews)

Dangerous Combinations(4)

MEDIUMTab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs+tabs API usage + external network

CRITICALNetwork interception + external communication

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

webRequest/webRequestBlocking+external network request

CRITICALExtension management + dynamic code execution

Extension manages other extensions and executes dynamic code — behavior consistent with malware dropper.

management+eval/Function/dynamic code

CRITICALAll-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls>+keylogger_pattern

Permissions

8.5/10

Code

10.0/10

Combinations

10.0/10

Manifest/CSP

7.1/10

Permissions(15 analyzed)

Code Findings(27 patterns, 80 total)

Content Security Policy

No CSP Defined(1 issue)

MEDIUM

N/ANo CSP defined

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Manifest Analysis(5 findings)

Resolved from __MSG_* i18n placeholders:

Name: Urban VPN Proxy

Description: Get the best secured Free VPN access to any website, and unblock content with Urban VPN

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resourcesJS files exposed to web pages

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

HIGH

web_accessible_resourcesJS files exposed to web pages

JavaScript files are accessible to ALL websites. Any page can load and interact with these scripts, enabling web→extension attacks.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

MEDIUM

web_accessible_resources.matchesOverly broad match patterns

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

External Domains(11)

${d*ai-user-protection.urban-vpn.comanalytics-toolbar.urban-vpn.comauthentication.urban-vpn.comgithub.comvuejs.orgwww.facebook.comwww.instagram.comwww.tiktok.comwww.twitch.tv