The recent removal of ModHeader from both Google Chrome and Microsoft Edge extension stores has sent ripples through the cybersecurity community, raising important questions about the security of browser extensions that millions of users trust daily. This popular header modification tool, which boasted approximately 1.6 million installations across both browsers, was pulled after researchers discovered a concerning component hidden within its code: a dormant browsing history collector waiting to be activated. What makes this discovery particularly troubling is that ModHeader wasn't a suspicious newcomer but an established tool many web developers and testers relied on for their daily work. The presence of a data collection mechanism, even if currently inactive, underscores the hidden risks lurking in our browsers.
The incident unfolded when security researchers uncovered a mechanism within ModHeader designed to capture users' browsing history. Fortunately, this collector remained dormant due to an empty allow-list that prevented it from functioning. As of now, no evidence has emerged suggesting that the extension ever actually collected or transmitted any browsing data to external servers. Still, the very existence of this functionality represents a significant breach of trust. The extension's removal came swiftly after researchers reported their findings to