LinkedIn’s Covert Operation: Uncovering 6,000+ Chrome Extension Secrets

A recent study named “BrowserGate” has raised concerns that Microsoft’s LinkedIn uses concealed JavaScript on its platform to scan visitors’ browsers for installed extensions and to gather device information.

As per a report by Fairlinked e.V., an association of commercial LinkedIn users, Microsoft’s platform inserts JavaScript into user sessions to check for numerous browser extensions and link the findings to identifiable user profiles.

The author alleges that this action is aimed at collecting sensitive personal and business data since LinkedIn accounts are associated with real identities, employers, and job titles.

“LinkedIn scans for more than 200 products that directly compete with its own sales tools, such as Apollo, Lusha, and ZoomInfo. By knowing each user’s employer, LinkedIn can track which companies utilize competing products. It is extracting customer lists from numerous software companies through their users’ browsers without their knowledge,” the report states.

“Subsequently, LinkedIn utilizes this information. The platform has already issued warnings to users of third-party tools based on data obtained through this covert scanning to pinpoint its targets.”

BleepingComputer has independently verified some of these claims through its own testing, where a JavaScript file with a randomized filename was observed being loaded by LinkedIn’s website.

This script checked for 6,236 browser extensions by attempting to load static resources exposed under each extension’s unique ID; whether such a request succeeds reveals whether that extension is installed, a well-known technique for detecting installed extensions.

This fingerprinting script was previously identified in 2025, when it checked for around 2,000 extensions. A separate GitHub repository from two months ago lists 3,000 extensions being detected, showing that the number of extensions checked has grown steadily.
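Extension developers can check whether their own extension is exposed to this kind of probe by auditing the manifest’s `web_accessible_resources`. The following is an added example written for this article, not LinkedIn’s script or any extension’s code; it assumes a simplified subset of Chrome’s match-pattern rules and uses a constructed sample manifest.

```javascript
// Added example (not LinkedIn's or any extension's own code): audit an
// extension manifest for static resources that a page on a given origin could
// probe by URL. Match-pattern logic is a simplified subset of Chrome's rules.
// True if a Chrome match pattern covers the page origin.
function hostMatches(pattern, origin) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^/]+|[^/*]+)(\/.*)?$/.exec(pattern);
  if (!m) return false;
  const [, scheme, host] = m;
  const url = new URL(origin);
  const schemeOk = scheme === "*" ? /^https?:$/.test(url.protocol)
                                  : url.protocol === scheme + ":";
  if (!schemeOk) return false;
  if (host === "*") return true;
  if (host.startsWith("*.")) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith("." + base);
  }
  return url.hostname === host;
}

// Resources a script on `origin` could fetch under the extension's static ID;
// each one makes the extension detectable by a probe like the one described.
function probeableResources(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  const findings = [];
  if (manifest.manifest_version === 2) {
    // MV2: every listed path is reachable from any web page.
    for (const res of war) findings.push({ resource: res, reason: "MV2 (any site)" });
    return findings;
  }
  for (const entry of war) {
    // use_dynamic_url serves the resource under a per-session random ID, so a
    // probe keyed on the static extension ID is not expected to succeed.
    if (entry.use_dynamic_url) continue;
    const matches = entry.matches || []; // no matches: only other extensions
    if (!matches.some((p) => hostMatches(p, origin))) continue;
    for (const res of entry.resources || []) {
      findings.push({ resource: res, reason: `matches ${matches.join(", ")}` });
    }
  }
  return findings;
}

// Constructed sample manifest, not a real extension's.
const sampleManifest = { manifest_version: 3, web_accessible_resources: [
  { resources: ["inject.js"], matches: ["<all_urls>"] },
  { resources: ["icon.png"], matches: ["https://*.linkedin.com/*"], use_dynamic_url: true } ] };
console.log(probeableResources(sampleManifest, "https://www.linkedin.com"));
```

Resources that show up in the output are the ones a scanning page could use as a fingerprint; narrowing `matches` or enabling `use_dynamic_url` removes them from the list.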

[Figure: Snippet of the list of extensions scanned for by LinkedIn’s script. Source: BleepingComputer]

While many of the scanned extensions are related to LinkedIn, the script also detected language and grammar extensions, tools for tax professionals, and other seemingly unrelated features.

The script also gathers various browser and device data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features.

[Figure: Gathering information about visitors’ devices. Source: BleepingComputer]

BleepingComputer could not validate the claims in the BrowserGate report regarding the use of the collected data or if it is shared with third-party entities.

Nevertheless, similar fingerprinting techniques have been utilized in the past to create unique browser profiles, enabling user tracking across different websites.

LinkedIn’s Response to Data Use Allegations

LinkedIn does not deny detecting specific browser extensions, stating that the information is utilized to safeguard the platform and its users.

However, the company disputes the report, attributing it to an individual whose account was restricted for scraping LinkedIn content and violating the site’s terms of use.

“The claims made on the website linked here are completely false. The individual behind them is facing an account restriction due to scraping and other violations of LinkedIn’s Terms of Service.

To protect our members’ privacy and data, as well as ensure site stability, we identify extensions that scrape data without members’ consent or breach LinkedIn’s Terms of Service.

Some extensions have static resources (images, javascript) that can be injected into our webpages. We can detect these extensions by checking for the existence of the static resource URL. This detection is visible in the Chrome developer console. We use this data to identify extensions that violate our terms, enhance our technical defenses, and understand why a member account might be extracting excessive data from other members, impacting site stability at scale. We do not use this data to deduce sensitive information about members.


For additional context, in response to this website owner’s account restriction, they tried to seek legal action in Germany, alleging that LinkedIn had violated various laws. The court ruled against them, finding their claims baseless and highlighting that the individual’s own data practices were unlawful.

Regrettably, this is a situation where an individual lost in court but is attempting to challenge the verdict in the court of public opinion without regard for accuracy.”

❖ LinkedIn

LinkedIn asserts that the BrowserGate report originates from a conflict involving the developer of a LinkedIn-related browser extension called “Teamfluence,” which LinkedIn states was restricted for violating the platform’s terms.

Documents provided to BleepingComputer reveal that a German court dismissed the developer’s request for a preliminary injunction, determining that LinkedIn’s actions did not constitute unlawful obstruction or discrimination.

The court also noted that automated data collection alone could breach LinkedIn’s terms of use, justifying the platform’s decision to block the accounts for protection.

LinkedIn argues that the BrowserGate report is an effort to publicly rehash that dispute.

Regardless of the report’s origins, one fact remains undisputed.

LinkedIn’s website utilizes a fingerprinting script to detect over 6,000 extensions running in a Chromium-based browser, along with other details about a visitor’s system.

This is not the first instance of companies employing aggressive fingerprinting scripts to identify software running on visitors’ devices.

In 2021, eBay was found using JavaScript to conduct automated port scans on visitors’ devices to determine if they had various remote support software installed.

Although eBay never disclosed the purpose of these scripts, it was widely believed that they were used to combat fraud on compromised devices.


Subsequently, it was revealed that several other companies, including Citibank, TD Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect, TIAA-CREF, Sky, GumTree, and WePay, were also utilizing the same fingerprinting script.
