Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
ModHeader Chrome Extension Pulled for Data Exfiltration Risk

ModHeader Chrome Extension Pulled for Data Exfiltration Risk

Posted on July 14, 2026 By CWS

A popular browser extension, ModHeader, was recently taken down from the Chrome Web Store following the discovery of hidden data exfiltration capabilities. Researchers identified that the extension’s signed release was equipped with features to potentially collect and encrypt users’ browsing domain data.

Extension’s Widespread Use and Permissions

With approximately 1.6 million installations across Chrome and Microsoft Edge, ModHeader is widely used by developers for adjusting HTTP request and response headers. While its extensive permissions are necessary for its primary function, they also allow it to interact with internet traffic and webpages accessed by users.

In version 7.0.18 of ModHeader, researchers found a code segment capable of collecting browsing history through the extension’s background service worker. This code was designed to extract URLs, encrypt them using a pre-set AES-GCM key, and store these encrypted records in IndexedDB.

Details of the Data Collection Mechanism

The data exfiltration mechanism used two storage solutions: a settings store for installation fingerprints and encryption data, and a temporary store for encrypted domain records and visit counters. It was structured to accumulate up to 1,000 unique domains before initiating an upload. This process also included a POST request routine aimed at transmitting data.

StripeOlt’s analysis revealed that the data payload comprised encrypted browsing data, device fingerprints, and browser specifics. The uploader was programmed to retry failed transmissions and delete locally stored data upon a successful upload, thereby minimizing forensic traces.

Implications and Response

Despite the concerning capabilities, researchers noted that the data collection feature was inactive due to an empty allow-list, meaning it did not execute in the current version. Nonetheless, the infrastructure for collection, encryption, and data transmission was already established and could be activated through a routine update without requesting additional permissions.

Additionally, the extension included telemetry functions connected to extensions-hub.com, which monitored install, update, and uninstall events. This communication with third-party infrastructure heightened concerns about user privacy.

In response, both Google and Microsoft removed ModHeader from their extension stores. Microsoft took action on July 3, and Google soon after labeled the extension as malware. Organizations are advised to search for the extension ID idgpnmonknjnojddfkpgkljpfnnfcklj, monitor relevant domains, and remove the extension from managed environments.

Conclusion and Recommendations

The incident underlines the ongoing risks within the browser supply chain. Although Chrome Web Store signatures validate an extension’s origin, they do not guarantee the safety of new capabilities introduced in updates. High-permission extensions should be managed like third-party software, with allowlists, periodic behavior reviews, and inventory monitoring.

Users who utilized ModHeader for API testing should reassess and rotate sensitive data previously used, such as API keys and session cookies. This event serves as a reminder of the necessity for stringent security measures and regular scrutiny of browser extensions.

Cyber Security News Tags:browser extensions, browser security, Chrome extension, Cybersecurity, data exfiltration, Encryption, Google Chrome, Malware, Microsoft Edge, ModHeader, privacy concerns, software update, Telemetry, user privacy, web security

Post navigation

Previous Post: U.S. Targets VPN and Cryptor Seller for Ransomware Aid
Next Post: xAI’s Grok Build Uploads Full Repositories to Cloud

Related Posts

MacOS Users Targeted by New Phishing Email Scam MacOS Users Targeted by New Phishing Email Scam Cyber Security News
MacOS Users Targeted by Infiniti Stealer Malware MacOS Users Targeted by Infiniti Stealer Malware Cyber Security News
Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched Seven QNAP Zero-Day Vulnerabilities Exploited at Pwn2Own 2025 Now Patched Cyber Security News
Windows 11 24H2/25H2 Update Causes Task Manager to be Active After Closure Windows 11 24H2/25H2 Update Causes Task Manager to be Active After Closure Cyber Security News
PyPI Package Compromised by Malicious Scripts PyPI Package Compromised by Malicious Scripts Cyber Security News
Okta Security Releases Auth0 Event Logs for Proactive Threat Detection Okta Security Releases Auth0 Event Logs for Proactive Threat Detection Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Jscrambler Packages Compromised in Supply Chain Breach
  • xAI’s Grok Build Uploads Full Repositories to Cloud
  • ModHeader Chrome Extension Pulled for Data Exfiltration Risk
  • U.S. Targets VPN and Cryptor Seller for Ransomware Aid
  • Pentagon Reevaluates Cybersecurity Certification Strategy

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Jscrambler Packages Compromised in Supply Chain Breach
  • xAI’s Grok Build Uploads Full Repositories to Cloud
  • ModHeader Chrome Extension Pulled for Data Exfiltration Risk
  • U.S. Targets VPN and Cryptor Seller for Ransomware Aid
  • Pentagon Reevaluates Cybersecurity Certification Strategy

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark