Analysis: Popular Chrome Extension ModHeader Exfiltrates User Data

DevSecOps, Web Security, Software Releases & Release Notes(aydinnyunus.github.io)view on HackerNews
ModHeaderChrome extensiondata exfiltrationAES-GCM encryptionindexedDBnetwork requests

Author: runtimepanic

Date: 7/12/2026

Article Summary:
Analysis of the ModHeader Chrome extension's data exfiltration pipeline, revealing AES-GCM encryption, randomized upload timing, and evidence deletion after exfiltration.