πŸ“¦

Urban Vpn Proxy

πŸ” Security Report Available
πŸ‘₯ 45M+ users
πŸ“¦ v5.11.9
πŸ’Ύ 7.08MiB
πŸ“… 2026-02-20
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Get the best secured Free VPN access to any website, and unblock content with Urban VPN

Tags

Make Chrome Yours/privacy privacy make chrome yours/privacy

Privacy Practices

βœ… Does not sell your data to third parties
βœ… Does not use data for unrelated purposes

Security Analysis

Analyzed v5.11.9 Β· Feb 21, 2026 Β· 27 JS files Β· 21198 KB scanned

Permissions

webRequestAuthProvider offscreen alarms management proxy scripting storage tabs webNavigation webRequest privacy <all_urls> https://*.bugsnag.com/*

Code Patterns Detected

innerHTML assignment β€” potential XSS vector Makes HTTP requests

External Connections

www.w3.org v3-migration.vuejs.org github.com vuejs.org api-pro.urban-vpn.com meyerweb.com authentication.urban-vpn.com anti-phishing-protection.urban-vpn.com www.urban-vpn.com tinyurl.com www.cloudflare.com notify.bugsnag.com +8 more

Package Contents 350 files Β· 24.2MB

β–ΎπŸ“_locales2KB
β–ΎπŸ“de
{}messages.json181B
β–ΎπŸ“en
{}messages.json181B
β–ΎπŸ“es
{}messages.json181B
β–ΎπŸ“fr
{}messages.json181B
β–ΎπŸ“id
{}messages.json181B
β–ΎπŸ“ja
{}messages.json181B
β–ΎπŸ“nl
{}messages.json181B
β–ΎπŸ“pt_BR
{}messages.json181B
β–ΎπŸ“ru
{}messages.json181B
β–ΎπŸ“tr
{}messages.json181B
β–ΎπŸ“zh_CN
{}messages.json181B
β–ΎπŸ“_metadata47KB
{}verified_contents.json47KB
β–ΎπŸ“ad-blocker420KB
πŸ“œbackground.js177KBlarge
πŸ“œcontent.js243KBlarge
β–ΎπŸ“content13.6MB
β–ΎπŸ“anti-male-ware-notification3.4MB
πŸ“œbuild.js3.4MBlarge
🌐index.html178B
β–ΎπŸ“location7KB
πŸ“œlocation.js7KB
β–ΎπŸ“safe-price-check-notification3.3MB
πŸ“œbuild.js3.3MBlarge
🌐index.html267B
β–ΎπŸ“terminated-connection-notification3.4MB
πŸ“œbuild.js3.4MBlarge
🌐index.html281B
β–ΎπŸ“vpn-notification3.3MB
πŸ“œbuild.js3.3MBlarge
🌐index.html160B
πŸ“œcontent.js151KBlarge
β–ΎπŸ“executors57KB
πŸ“œ100.js5KB
πŸ“œ101.js3KB
πŸ“œ200.js2KB
πŸ“œ301.js9KB
πŸ“œ302.js20KB
πŸ“œ303.js2KB
πŸ“œ304.js3KB
πŸ“œ304j.js2KB
πŸ“œ305.js5KB
πŸ“œ306.js3KB
πŸ“œ307.js2KB
πŸ“œ308.js2KB
β–ΎπŸ“icons28KB
πŸ–Όanimation-frame-1.png716B
πŸ–Όanimation-frame-2.png646B
πŸ–Όicon-blue-16.png731B
πŸ–Όicon-pink-128.png12KB
πŸ–Όicon-pink-16.png12KB
πŸ–Όicon-pink-48.png3KB
β–ΎπŸ“libs271KB
πŸ“œextend-native-history-api.js2KB
πŸ“œprocessor.js264KBlarge
πŸ“œrequests.js5KB
β–ΎπŸ“offscreen3KB
🌐index.html67B
πŸ“œoffscreen.js900B
πŸ“œworker.js2KB
β–ΎπŸ“popup3.9MB
πŸ“œbuild.js3.9MBlarge
🌐index.html148B
β–ΎπŸ“public3.4MB
β–ΎπŸ“fonts180KB
πŸ”€Aileron-bold.otf29KB
πŸ”€Aileron.otf27KB
πŸ”€Satoshi-Variable.ttf124KB
β–ΎπŸ“sprites3.2MB
β–ΎπŸ“flags3.1MB
β–ΎπŸ“svg3.1MB
πŸ–Όad.svg55KB
πŸ–Όae.svg257B
πŸ–Όaf.svg33KB
πŸ–Όag.svg902B
πŸ–Όai.svg54KB
πŸ–Όal.svg5KB
πŸ–Όam.svg226B
πŸ–Όao.svg2KB
πŸ–Όaq.svg4KB
πŸ–Όar.svg4KB
πŸ–Όas.svg11KB
πŸ–Όat.svg251B
πŸ–Όau.svg2KB
πŸ–Όaw.svg14KB
πŸ–Όax.svg563B
πŸ–Όaz.svg555B
πŸ–Όba.svg1KB
πŸ–Όbb.svg767B
πŸ–Όbd.svg193B
πŸ–Όbe.svg318B
πŸ–Όbf.svg435B
πŸ–Όbg.svg305B
πŸ–Όbh.svg610B
πŸ–Όbi.svg1KB
πŸ–Όbj.svg503B
πŸ–Όbl.svg315B
πŸ–Όbm.svg31KB
πŸ–Όbn.svg21KB
πŸ–Όbo.svg186KB
πŸ–Όbq.svg227B
πŸ–Όbr.svg12KB
πŸ–Όbs.svg596B
πŸ–Όbt.svg41KB
πŸ–Όbv.svg635B
πŸ–Όbw.svg273B
πŸ–Όby.svg9KB
πŸ–Όbz.svg76KB
πŸ–Όca.svg934B
πŸ–Όcc.svg4KB
πŸ–Όcd.svg352B
πŸ–Όcf.svg757B
πŸ–Όcg.svg492B
πŸ–Όch.svg324B
πŸ–Όci.svg292B
πŸ–Όck.svg3KB
πŸ–Όcl.svg623B
πŸ–Όcm.svg847B
πŸ–Όcn.svg848B
πŸ–Όco.svg292B
πŸ–Όcr.svg303B
πŸ–Όcu.svg670B
πŸ–Όcv.svg2KB
πŸ–Όcw.svg705B
πŸ–Όcx.svg3KB
πŸ–Όcy.svg10KB
πŸ–Όcz.svg489B
πŸ–Όde.svg220B
πŸ–Όdj.svg629B
πŸ–Όdk.svg249B
πŸ–Όdm.svg20KB
πŸ–Όdo.svg456KB
πŸ–Όdz.svg301B
πŸ–Όec.svg38KB
πŸ–Όee.svg324B
πŸ–Όeg.svg16KB
πŸ–Όeh.svg1KB
πŸ–Όer.svg5KB
πŸ–Όes.svg142KB
πŸ–Όet.svg2KB
πŸ–Όeu.svg1KB
πŸ–Όfi.svg253B
πŸ–Όfj.svg43KB
πŸ–Όfk.svg43KB
πŸ–Όfm.svg936B
πŸ–Όfo.svg638B
πŸ–Όfr.svg301B
πŸ–Όga.svg285B
πŸ–Όgb-eng.svg241B
πŸ–Όgb-nir.svg34KB
πŸ–Όgb-sct.svg230B
πŸ–Όgb-wls.svg14KB
πŸ–Όgb.svg956B
πŸ–Όgd.svg2KB
πŸ–Όge.svg2KB
πŸ–Όgf.svg276B
πŸ–Όgg.svg621B
πŸ–Όgh.svg300B
πŸ–Όgi.svg4KB
πŸ–Όgl.svg650B
πŸ–Όgm.svg558B
πŸ–Όgn.svg310B
πŸ–Όgp.svg301B
πŸ–Όgq.svg6KB
πŸ–Όgr.svg819B
πŸ–Όgs.svg45KB
πŸ–Όgt.svg58KB
πŸ–Όgu.svg6KB
πŸ–Όgw.svg816B
πŸ–Όgy.svg573B
πŸ–Όhk.svg4KB
πŸ–Όhm.svg2KB
πŸ–Όhn.svg1KB
πŸ–Όhr.svg78KB
πŸ–Όht.svg22KB
πŸ–Όhu.svg316B
πŸ–Όid.svg252B
πŸ–Όie.svg321B
πŸ–Όil.svg1KB
πŸ–Όim.svg15KB
πŸ–Όin.svg1KB
πŸ–Όio.svg36KB
πŸ–Όiq.svg2KB
πŸ–Όir.svg21KB
πŸ–Όis.svg550B
πŸ–Όit.svg317B
πŸ–Όje.svg7KB
πŸ–Όjm.svg417B
πŸ–Όjo.svg823B
πŸ–Όjp.svg501B
πŸ–Όke.svg1KB
πŸ–Όkg.svg5KB
πŸ–Όkh.svg11KB
πŸ–Όki.svg7KB
πŸ–Όkm.svg1KB
πŸ–Όkn.svg956B
πŸ–Όkp.svg990B
πŸ–Όkr.svg2KB
πŸ–Όkw.svg515B
πŸ–Όky.svg33KB
πŸ–Όkz.svg17KB
πŸ–Όla.svg477B
πŸ–Όlb.svg4KB
πŸ–Όlc.svg403B
πŸ–Όli.svg12KB
πŸ–Όlk.svg17KB
πŸ–Όlr.svg829B
πŸ–Όls.svg2KB
πŸ–Όlt.svg477B
πŸ–Όlu.svg231B
πŸ–Όlv.svg252B
πŸ–Όly.svg537B
πŸ–Όma.svg272B
πŸ–Όmc.svg240B
πŸ–Όmd.svg14KB
πŸ–Όme.svg106KB
πŸ–Όmf.svg301B
πŸ–Όmg.svg310B
πŸ–Όmh.svg1008B
πŸ–Όmk.svg395B
πŸ–Όml.svg288B
πŸ–Όmm.svg857B
πŸ–Όmn.svg2KB
πŸ–Όmo.svg2KB
πŸ–Όmp.svg34KB
πŸ–Όmq.svg298B
πŸ–Όmr.svg923B
πŸ–Όms.svg8KB
πŸ–Όmt.svg13KB
πŸ–Όmu.svg312B
πŸ–Όmv.svg292B
πŸ–Όmw.svg6KB
πŸ–Όmx.svg158KB
πŸ–Όmy.svg2KB
πŸ–Όmz.svg3KB
πŸ–Όna.svg1KB
πŸ–Όnc.svg317B
πŸ–Όne.svg279B
πŸ–Όnf.svg9KB
πŸ–Όng.svg287B
πŸ–Όni.svg28KB
πŸ–Όnl.svg373B
πŸ–Όno.svg324B
πŸ–Όnp.svg1KB
πŸ–Όnr.svg811B
πŸ–Όnu.svg2KB
πŸ–Όnz.svg3KB
πŸ–Όom.svg29KB
πŸ–Όpa.svg879B
πŸ–Όpe.svg261B
πŸ–Όpf.svg7KB
πŸ–Όpg.svg2KB
πŸ–Όph.svg1KB
πŸ–Όpk.svg910B
πŸ–Όpl.svg225B
πŸ–Όpm.svg317B
πŸ–Όpn.svg15KB
πŸ–Όpr.svg709B
πŸ–Όps.svg597B
πŸ–Όpt.svg12KB
πŸ–Όpw.svg489B
πŸ–Όpy.svg26KB
πŸ–Όqa.svg414B
πŸ–Όre.svg317B
πŸ–Όro.svg320B
πŸ–Όrs.svg184KB
πŸ–Όru.svg297B
πŸ–Όrw.svg793B
πŸ–Όsa.svg16KB
πŸ–Όsb.svg1KB
πŸ–Όsc.svg579B
πŸ–Όsd.svg501B
πŸ–Όse.svg765B
πŸ–Όsg.svg1KB
πŸ–Όsh.svg48KB
πŸ–Όsi.svg3KB
πŸ–Όsj.svg324B
πŸ–Όsk.svg2KB
πŸ–Όsl.svg286B
πŸ–Όsm.svg22KB
πŸ–Όsn.svg485B
πŸ–Όso.svg546B
πŸ–Όsr.svg331B
πŸ–Όss.svg399B
πŸ–Όst.svg822B
πŸ–Όsv.svg127KB
πŸ–Όsx.svg19KB
πŸ–Όsy.svg651B
πŸ–Όsz.svg9KB
πŸ–Όtc.svg19KB
πŸ–Όtd.svg288B
πŸ–Όtf.svg1KB
πŸ–Όtg.svg831B
πŸ–Όth.svg300B
πŸ–Όtj.svg2KB
πŸ–Όtk.svg791B
πŸ–Όtl.svg658B
πŸ–Όtm.svg44KB
πŸ–Όtn.svg972B
πŸ–Όto.svg385B
πŸ–Όtr.svg688B
πŸ–Όtt.svg365B
πŸ–Όtv.svg3KB
πŸ–Όtw.svg1KB
πŸ–Όtz.svg570B
πŸ–Όua.svg241B
πŸ–Όug.svg5KB
πŸ–Όum.svg7KB
πŸ–Όun.svg30KB
πŸ–Όus.svg6KB
πŸ–Όus_fast.svg6KB
πŸ–Όuy.svg2KB
πŸ–Όuz.svg1KB
πŸ–Όva.svg111KB
πŸ–Όvc.svg518B
πŸ–Όve.svg1KB
πŸ–Όvg.svg34KB
πŸ–Όvi.svg12KB
πŸ–Όvn.svg548B
πŸ–Όvu.svg6KB
πŸ–Όwf.svg310B
πŸ–Όws.svg901B
πŸ–Όxk.svg15KB
πŸ–Όye.svg287B
πŸ–Όyt.svg317B
πŸ–Όza.svg1KB
πŸ–Όzm.svg8KB
πŸ–Όzw.svg3KB
πŸ–ΌQR_dev.png28KB
πŸ–ΌQR_prod.png28KB
πŸ–Όandroid.svg2KB
πŸ–Όarrow.svg660B
πŸ–Όbin.svg540B
πŸ–Όcheckmark.svg561B
πŸ–Όclose.svg842B
πŸ–Όeula.svg1KB
πŸ–Όhamburger.svg1KB
πŸ–Όinfo.svg1KB
πŸ–Όinterruption.svg4KB
πŸ–Όinvite_friends.svg16KB
πŸ–Όinvite_friends_btn.svg1KB
πŸ–Όios.svg1KB
πŸ–Όloader.svg2KB
πŸ–Όloading_btn.svg4KB
πŸ–Όlogo-legacy.svg3KB
πŸ–Όlogo.svg3KB
πŸ–Όlogo_with_text.svg9KB
πŸ–Όmacos.svg2KB
πŸ–Όno-internet.svg3KB
πŸ–Όpause.svg413B
πŸ–Όplay.svg364B
πŸ–Όprivacy_policy.svg2KB
πŸ–Όproducts.svg2KB
πŸ–Όreport_issue.svg2KB
πŸ–Όrocket.svg2KB
πŸ–Όsearch.svg877B
πŸ–Όshield-background--init.png16KB
πŸ–Όshield-shadow--pink.svg603B
πŸ–Όshield-shadow.svg578B
πŸ–Όshield.svg2KB
πŸ–Όspider.svg3KB
πŸ–Όstars.svg4KB
πŸ–Όtemporary_unavailable.svg2KB
πŸ–Όurban-text.svg7KB
πŸ–Όwhere.svg3KB
πŸ–Όwindows.svg1KB
β–ΎπŸ“service-worker2.5MB
πŸ“œindex.js2.5MBlarge
{}manifest.json2KB

What This Extension Does

The Urban VPN Proxy extension claims to provide a free VPN service, allowing users to access blocked content on the web.

Permissions Explained

  • webRequestAuthProvider: Allows the extension to authenticate and authorize requests made by the user.
- Standard for VPN extensions.
  • offscreen: Enables the extension to run in the background even when not visible.
- Unusual; typically used for tasks that don't require a UI, but this could be necessary for VPN functionality.
  • alarms: Allows the extension to schedule and manage alarms (e.g., notifications).
- Standard for extensions with user-facing features.
  • management: Grants the extension permission to manage other extensions or browser settings.
- Unusual; typically used by browser management tools, not VPNs.
  • proxy: Enables the extension to act as a proxy server for web requests.
- Expected for a VPN extension.
  • scripting: Allows the extension to execute scripts in the context of web pages.
- Standard for extensions that interact with web content.
  • storage: Grants the extension permission to store data locally on the user's device.
- Standard for extensions that need to remember settings or cache data.
  • tabs: Enables the extension to access and manipulate tabs in the browser.
- Standard for extensions that interact with web pages.
  • webNavigation: Allows the extension to observe and modify navigation events (e.g., page loads).
- Expected for a VPN extension, as it needs to intercept and redirect traffic.
  • webRequest: Enables the extension to inspect and modify web requests made by the user.
- Expected for a VPN extension.
  • privacy: Grants the extension permission to access privacy-related features of the browser.
- Unusual; typically used by extensions that focus on privacy, not VPNs.
  • <all_urls>: Allows the extension to access all URLs, including those with sensitive information.
- Critical risk due to its broad scope and potential for misuse.
  • https://*.bugsnag.com/*: Grants the extension permission to communicate with Bugsnag's servers.
- Expected for an extension that uses Bugsnag for error reporting.

What We Found in the Code

  • innerHTML assignment: This flag is likely a normal coding pattern, as innerHTML can be used safely when rendering UI elements from trusted sources. However, it could potentially introduce an XSS vector if user-provided data is not properly sanitized.
  • Makes HTTP requests: This is a standard behavior for extensions that need to communicate with servers or APIs.

External Connections

The extension communicates with the following domains:
  • www.w3.org, v3-migration.vuejs.org, github.com, vuejs.org (likely for development or dependency purposes)
  • api-pro.urban-vpn.com, authentication.urban-vpn.com, anti-phishing-protection.urban-vpn.com, www.urban-vpn.com (expected for VPN functionality and user authentication)
  • tinyurl.com, www.cloudflare.com (likely for URL shortening or CDN services)
  • notify.bugsnag.com (expected for error reporting)

Things to Consider

Given the extension's purpose, it seems that some permissions are expected (e.g., proxy, webRequest). However, others seem broader than necessary (e.g., management, privacy). The critical risk associated with <all_urls> is concerning, as this permission could potentially be used for malicious purposes. Users should carefully evaluate whether an extension with such broad access to their browsing data is necessary and trustworthy.
πŸ“¦

Online Security

12M+ users
Powering your web experience with a reliable, endpoint protection layer.
Make Chrome Yours/privacy
Block malware, scams, phishing and trackers for safer, faster browsing.
Make Chrome Yours/privacy
Connect to the fastest VPN out there β€” NordVPN. Hide your IP, block ads, and be safer online with our VPN proxy extensio…
Make Chrome Yours/privacy
πŸ“¦
At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information
Make Chrome Yours/privacy