Google and Microsoft pull ModHeader extension with 1.6 million installs

Google and Microsoft removed the ModHeader browser extension from their stores after discovering a dormant data collector in a March 2026 update.

CSBadmin
1 Min Read

Google and Microsoft have removed the popular ModHeader browser extension from the Chrome Web Store and Edge Add-ons after researchers discovered a dormant data collection mechanism embedded in a March 2026 update. ModHeader, used by developers and security testers to modify HTTP request headers, had accumulated over 1.6 million installs across both platforms.

The extension’s malicious functionality was found to be deliberately hidden and inactive at the time of review, suggesting a supply chain compromise or an insider threat. The dormant collector could have been remotely activated at any time to exfiltrate browsing data, credentials, or other sensitive information from users’ browsers.

Both Google and Microsoft acted swiftly to remove the extension once the dormant code was identified. Users who had installed ModHeader are advised to remove it immediately and review their browser extensions for any suspicious permissions. The incident highlights the growing challenge of detecting dormant malicious code in browser extensions that passes initial review and activates later.

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.