Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
- Posted on July 13, 2026
- By The Hacker News
- 0 Views
- 1 min read
Major browser platforms Google and Microsoft have removed the ModHeader extension following security researchers' discovery of concealed data collection functionality. The compromised browser tool, which accumulated over 1.6 million installations, contained dormant code capable of logging and encrypting user browsing history from up to 1,000 visited domains before transmitting the data to external servers. This incident highlights critical vulnerabilities in browser extension oversight and underscores the importance of rigorous security audits for widely-distributed developer tools.
Summary auto-generated by AI from the original publisher's content. Editorial standards.