← Back to news

Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found

The Hacker News13/07/2026, 17:17
Read full article →

Summary

AI-Generated

Key Points:

  • Google and Microsoft have removed the ModHeader extension after discovering a dormant browsing-history collector embedded within it, which could potentially be activated via a simple update.
  • The extension, with 1.6 million installs, has not been proven to collect data yet, but its design allows for easy activation of the collector, posing significant privacy risks to users.
  • Users are advised to uninstall ModHeader immediately, rotate any sensitive information stored in it, and block the associated domains at DNS and proxy levels.

Technical Details: The ModHeader extension contained a dormant browsing-history collector that could be activated by populating an internal allow-list. The collector was designed to encrypt and upload browsing data to api.stanfordstudies[.]com.

MITRE ATT&CK Techniques:

  • None mentioned

IOCs Mentioned:

  • api.stanfordstudies.com
  • extensions-hub.com
  • Extension ID: idgpnmonknjnojddfkpgkljpfnnfcklj

This incident highlights the risks associated with browser extensions that may contain hidden functionalities capable of compromising user privacy. Security teams should remain vigilant regarding third-party extensions and their potential for malicious behavior.

Join the discussion — sign up to comment, upvote, and save articles.

Discussion

or to comment
Loading...

Loading comments...

Join 5,000+ security professionals

Get access to curated threat intel, upvote articles, join discussions, and build your karma in the SOC community.