Google and Microsoft have removed the ModHeader extension, with 1.6 million installs, after a dormant browsing-history collector was discovered within it. Although the collector was inactive, the potential for future data gathering raised significant privacy concerns.
Security firm Stripe OLT identified a hidden browsing-history collector within ModHeader's code. The extension, which allows users to edit HTTP headers, contained this collector in its official versions without user awareness.
Following the discovery, Microsoft removed the ModHeader extension from Edge on July 3, 2023, and Google followed suit by pulling it from the Chrome Web Store on July 10. This swift action reflects a serious approach to user privacy and security.
The collector was dormant due to an empty 'allow-list' that prevented it from activating. No evidence has surfaced indicating that any users' data was collected or sent, mitigating immediate privacy breaches.
Experts caution that while the collector is inactive, a simple update could potentially activate it without user consent. The presence of this collector amplifies concerns about data privacy and the security of browser extensions.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Google and Microsoft have removed the ModHeader extension, with 1.6 million installs, after a dormant browsing-history collector was discovered within it. Although the collector was inactive, the potential for future data gathering raised significant privacy concerns.