LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
LinkedIn Caught Secretly Scanning Browsers for Chrome Extensions in "BrowserGate" Report
TL;DR: Security researchers have discovered that LinkedIn uses hidden JavaScript to scan visitors' browsers for over 6,000 Chrome extensions and collect device fingerprinting data, raising serious privacy concerns about corporate surveillance practices on major platforms.
What Happened
According to a new report dubbed "BrowserGate" highlighted by BleepingComputer, Microsoft-owned LinkedIn has been covertly running JavaScript scripts on its website to enumerate installed browser extensions and gather device characteristics from visitors. The scanning capability reportedly covers more than 6,000 different Chrome extensions, creating detailed profiles of users' browsing habits and installed software.
This discovery adds LinkedIn to a growing list of major websites engaged in aggressive browser fingerprinting techniques, though the scale and stealth of the extension scanning appears particularly extensive.
Technical Analysis
Browser extension enumeration is a sophisticated fingerprinting technique that exploits how extensions interact with web pages. When extensions are installed, they often inject scripts, modify page elements, or create detectable changes in the browser environment. Malicious or privacy-invasive scripts can probe for these signatures to build a comprehensive picture of what extensions a user has installed.
The technique typically works by:
- Testing for extension-specific JavaScript objects or functions
- Checking for injected CSS classes or DOM modifications
- Probing for web-accessible resources that extensions expose
- Measuring timing differences in script execution
Extension profiles are particularly valuable for tracking because they're relatively stable compared to other fingerprinting methods and can reveal detailed information about user interests, profession, security posture, and browsing habits.
Impact & Who's Affected
This affects virtually all LinkedIn users who visit the platform with Chrome browsers. The privacy implications are significant:
- Professional profiles: Extensions like VPNs, ad blockers, or productivity tools reveal work patterns and security awareness
- Security tools detection: Knowledge of installed security extensions could help attackers tailor social engineering attacks
- Cross-site tracking: Extension fingerprints can be used to link user activity across different websites
- Corporate espionage: Business intelligence about what tools competing organizations use
The data collection appears to violate user expectations of privacy and potentially runs afoul of regulations like GDPR, which requires explicit consent for non-essential data processing.
What You Should Do
Immediate actions:
- Review and minimize installed browser extensions, keeping only those you actively need
- Use browser profiles or containers to isolate LinkedIn from other browsing activities
- Consider accessing LinkedIn through incognito/private browsing mode
- Enable strict tracking protection in your browser settings
Longer-term security posture:
- Regularly audit installed extensions and remove unused ones
- Use browser extensions that specifically block fingerprinting attempts
- Consider using Firefox with strict privacy settings as an alternative to Chrome
- Implement network-level blocking of known tracking domains
For organizations:
- Update employee privacy training to include extension fingerprinting risks
- Consider corporate policies around approved browser extensions
- Evaluate whether business LinkedIn usage requires additional privacy controls
The Bigger Picture
This revelation underscores the evolving landscape of corporate data collection, where traditional tracking methods are being supplemented by increasingly sophisticated fingerprinting techniques. As third-party cookies face deprecation and privacy regulations tighten, companies are turning to more invasive methods to maintain detailed user profiles.
The fact that a Microsoft-owned professional networking platform is engaging in such practices signals that extension scanning may become more widespread across major web properties. This represents a fundamental shift in the privacy threat model â users must now consider not just what they share explicitly, but what their browser configuration inadvertently reveals.
Security professionals should treat this as a wake-up call to reassess browser security policies and user privacy protections within their organizations.
Source: BleepingComputer research and "BrowserGate" security report