Hiding malicious code with “Module Stomping” August 15, 2019 https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
Sounds a bit like an even more advanced version of process hollowing. But I do believe that a tool like HMPA checks for modification of legitimate modules inside the browser. If it finds any modification, it alerts about a possible browser infection by some banking trojan.
AVs that employ advanced memory scanning should be able to detect this.

Also: https://attack.mitre.org/techniques/T1055/
Hiding malicious code with “Module Stomping”: Part 2 August 30, 2019 https://blog.f-secure.com/hiding-malicious-code-with-module-stomping-part-2/
Hiding malicious code with “Module Stomping”: Part 3 September 23, 2019 https://blog.f-secure.com/cowspot-real-time-module-stomping-detection/