Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
ModHeader Browser Extension Removed by Google and Microsoft

ModHeader Browser Extension Removed by Google and Microsoft

Posted on July 13, 2026 By CWS

Google and Microsoft recently decided to remove the ModHeader extension, a widely used tool for editing HTTP headers, from their respective browsers. This decision affects approximately 1.6 million users across Chrome and Edge, following the discovery of a concealed data collection mechanism within the extension.

Discovery of the Hidden Collector

Security experts at Stripe OLT, a UK-based firm, identified the dormant collector embedded in the ModHeader extension. The collector was initially inactive due to an empty allow-list, preventing it from gathering any browsing data. Although the collector was present, there is no evidence to suggest it ever collected or transmitted user information.

The extension, which had over 900,000 users on Chrome and around 700,000 on Edge, was pulled from the Chrome Web Store on July 10, following Microsoft’s removal from the Edge store on July 3. The discovery raised concerns about user privacy, despite the tool operating as intended without activating the data collection feature.

Technical Analysis and Security Concerns

Version 7.0.18 of ModHeader contained code that could potentially collect and encrypt browsing domains, storing them locally before transmitting the encrypted data to a remote server. This process would occur daily, with the extension creating a unique device fingerprint. Although the collection mechanism was inactive, its presence in the codebase posed a potential threat to user privacy.

Further investigations by HackIndex and Yunus Aydin confirmed the findings. Despite the collector being dormant, the extension also communicated with another domain, logging request metadata without user consent. These issues highlighted the risks associated with seemingly legitimate extensions harboring hidden capabilities.

Implications and Recommendations for Users

The case of ModHeader underscores the importance of vigilance in the use of browser extensions. Users are advised to remove ModHeader from their browsers to ensure data security. Additionally, any sensitive information that may have been input into the extension, such as API keys or session cookies, should be rotated immediately.

For organizations, it is crucial to block access to related domains like stanfordstudies[.]com and extensions-hub[.]com at the network level. Employing security tools to monitor for suspicious activity related to the extension can further mitigate potential risks.

Conclusion and Future Outlook

This incident highlights the potential for seemingly benign browser extensions to evolve into privacy threats. The ability for a routine update to activate dormant code is a significant concern, emphasizing the need for robust extension review processes. As the digital landscape continues to evolve, vigilance and proactive security measures remain essential to safeguard user data.

The Hacker News Tags:browser extension, Chrome, Cybersecurity, data collection, Edge, Encryption, Google, Malware, Microsoft, ModHeader, Privacy, Security, Stripe OLT, tech news, web browsers

Post navigation

Previous Post: Torq and Criminal IP Enhance SOC with Threat Intelligence
Next Post: Turla Hackers Exploit SharePoint Vulnerability in France

Related Posts

New RFP Guide Enhances AI Governance and Security New RFP Guide Enhances AI Governance and Security The Hacker News
Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud The Hacker News
Insights from 160 Million Attack Simulations Insights from 160 Million Attack Simulations The Hacker News
Meta to End Instagram Encrypted Chats by May 2026 Meta to End Instagram Encrypted Chats by May 2026 The Hacker News
Apple Urges iOS Update to Combat Exploit Kit Threats Apple Urges iOS Update to Combat Exploit Kit Threats The Hacker News
Critical Flaw in LMS Exploited for Cyber Attacks Critical Flaw in LMS Exploited for Cyber Attacks The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI ‘Intelligent Worm’ Threatens Cybersecurity Evolution
  • CISA Alerts on Vulnerabilities in Joomla Extensions
  • AI Systems Under Siege by Internet Scans: MCP Servers at Risk
  • AI-Powered Scripts Exploit Active Directory Vulnerabilities
  • Turla Hackers Exploit SharePoint Vulnerability in France

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI ‘Intelligent Worm’ Threatens Cybersecurity Evolution
  • CISA Alerts on Vulnerabilities in Joomla Extensions
  • AI Systems Under Siege by Internet Scans: MCP Servers at Risk
  • AI-Powered Scripts Exploit Active Directory Vulnerabilities
  • Turla Hackers Exploit SharePoint Vulnerability in France

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark