← All stories
● Covered by 1 source Β· 1 reportHigh impact

Google and Microsoft Remove ModHeader Extension After Hidden Data Collector Found

Aggregated by BrevFeed security Β· updated 4h ago
πŸ”– Save

Google and Microsoft have removed the ModHeader extension, with 1.6 million installs, after a dormant browsing-history collector was discovered within it. Although the collector was inactive, the potential for future data gathering raised significant privacy concerns.

Key points

Discovery of the Data Collector

Security firm Stripe OLT identified a hidden browsing-history collector within ModHeader's code. The extension, which allows users to edit HTTP headers, contained this collector in its official versions without user awareness.

Removal by Major Browsers

Following the discovery, Microsoft removed the ModHeader extension from Edge on July 3, 2023, and Google followed suit by pulling it from the Chrome Web Store on July 10. This swift action reflects a serious approach to user privacy and security.

Dormant Nature of the Collector

The collector was dormant due to an empty 'allow-list' that prevented it from activating. No evidence has surfaced indicating that any users' data was collected or sent, mitigating immediate privacy breaches.

Potential Risks and Future Implications

Experts caution that while the collector is inactive, a simple update could potentially activate it without user consent. The presence of this collector amplifies concerns about data privacy and the security of browser extensions.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

Google and Microsoft have removed the ModHeader extension, with 1.6 million installs, after a dormant browsing-history collector was discovered within it. Although the collector was inactive, the potential for future data gathering raised significant privacy concerns.