Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

Google and Microsoft removed ModHeader, a widely used header-editing extension, after researchers found a dormant browsing-history collector hidden inside its official store version. The code could have encrypted page domains and uploaded them to remote servers if an internal allow-list were ever populated, while additional tracking and call-home behavior was also discovered. #ModHeader #StripeOLT #Chrome #Edge

Keypoints

  • ModHeader was pulled from Chrome and Edge after a hidden history collector was found.
  • The collector was dormant because an empty allow-list kept it from activating.
  • The extension still gathered some metadata and pinged external domains on install and page loads.
  • Researchers confirmed the code was inside the genuine store-signed extension.
  • Defenders were advised to remove the extension, rotate exposed secrets, and block related domains.

Read More: https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html