
LinkedIn Is Secretly Scanning Your Browser for 6,000+ Extensions - And You Weren't Told


Every time you load a LinkedIn page, a hidden piece of JavaScript quietly probes your browser for over 6,000 installed Chrome extensions - cataloguing what you have, harvesting hardware details, and sending it all back without asking permission. The practice was first exposed by the security research group Fairlinked e.V. in what they are calling their "BrowserGate" report, and was independently confirmed by BleepingComputer through its own testing.

The script doesn't just check for extensions. It also collects CPU core count, available system memory, screen resolution, time zone, language settings, and battery status - a detailed hardware fingerprint that can, in combination with your LinkedIn profile, be tied back to a specific, real-world identity. That's what separates this from run-of-the-mill browser fingerprinting: LinkedIn accounts carry actual names, employers, and job histories. The data isn't anonymous.

What It's Actually Looking For

The technique itself isn't new. Chromium-based browsers expose a well-known method through which any website can attempt to access file resources tied to specific extension IDs. If the file loads, the extension is installed. The script LinkedIn uses runs this check against 6,236 extension IDs - a number that has grown fast. A GitHub repository tracked LinkedIn scanning for roughly 2,000 extensions in 2025, then around 3,000 in early 2026. The current list has more than doubled since then.
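To see which of your own extensions are exposed to this kind of check, the following added example (not code from LinkedIn, the Fairlinked report, or BleepingComputer) audits extension manifests for resources a given site can load at the extension's fixed ID. It assumes the exposure is governed by the `web_accessible_resources` manifest key as defined in Chromium's extension manifest format; the helper names and sample manifests are constructed for illustration.

```python
# Added example: which local extensions can a given site detect by
# requesting chrome-extension://<id>/<resource>? Sample manifests are constructed.

def pattern_covers(pattern, host):
    """True if a manifest match pattern covers https://<host>/ (path ignored)."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host

def probeable_resources(manifest, host):
    """Resources a page on `host` can load at the extension's fixed ID."""
    exposed = []
    for entry in manifest.get("web_accessible_resources", []):
        if isinstance(entry, str):
            exposed.append(entry)  # Manifest V2: open to every website
        elif entry.get("use_dynamic_url"):
            continue  # Manifest V3: URL uses a per-session ID, not the fixed one
        elif any(pattern_covers(p, host) for p in entry.get("matches", [])):
            exposed.extend(entry.get("resources", []))
    return exposed

def audit(manifests, host):
    """Map extension name -> probeable resources, omitting undetectable ones."""
    found = {n: probeable_resources(m, host) for n, m in manifests.items()}
    return {n: r for n, r in found.items() if r}

def war(resources, matches, **extra):
    """Build a constructed Manifest V3 fragment with one resource entry."""
    return {"web_accessible_resources": [dict(resources=resources, matches=matches, **extra)]}

SAMPLES = {  # constructed manifests, not real extensions
    "legacy-mv2": {"web_accessible_resources": ["img/icon.png"]},
    "mv3-broad": war(["inject.js"], ["<all_urls>"]),
    "mv3-site-scoped": war(["panel.html"], ["https://*.linkedin.com/*"]),
    "mv3-dynamic": war(["ui.css"], ["<all_urls>"], use_dynamic_url=True),
    "mv3-other-site": war(["a.js"], ["https://mail.example.com/*"]),
    "mv3-no-war": {"manifest_version": 3},
}

if __name__ == "__main__":
    for name, res in audit(SAMPLES, "www.linkedin.com").items():
        print(f"{name}: detectable via {res}")
```

To audit a real profile, load each `manifest.json` under the browser profile's `Extensions` directory with `json.load` and pass the resulting dictionaries to `audit`.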

A significant portion of the targeted extensions are competing sales intelligence tools - Apollo, Lusha, ZoomInfo - products that go head to head with LinkedIn's own offerings. The Fairlinked report claims over 200 competing products are scanned in total. But the list also includes grammar tools, language extensions, and software for tax professionals that have no obvious connection to LinkedIn's platform at all.

According to the report, the harvested data is transmitted to HUMAN Security, an American-Israeli cybersecurity firm. LinkedIn has not confirmed this, and it has not been independently verified.

LinkedIn's Explanation

LinkedIn told BleepingComputer the scanning is a security measure, not surveillance. "To protect the privacy of our members, their data, and to ensure site stability, we do look for extensions that scrape data without members' consent," a company spokesperson said. LinkedIn stated the data is not used to "infer sensitive information about members."

The company also pushed back on the Fairlinked report specifically, noting it was published by someone whose LinkedIn account had been restricted for alleged scraping. That individual operates a browser extension called "Teamfluence," which LinkedIn says violated its platform terms. A German court denied that person's request for a preliminary injunction against LinkedIn, finding the platform had legitimate grounds to block accounts engaged in automated data collection.

That context matters - but it doesn't change the fact that the script runs for every visitor, not just scrapers. LinkedIn's fingerprinting runs whether you're a recruiter, a job seeker, or someone just reading an article. There is no disclosure, no opt-out, and no consent prompt. You don't have to be doing anything wrong to be scanned.

Not the First Time

This kind of client-side extension detection isn't unique to LinkedIn. In 2021, eBay was caught running JavaScript that performed automated port scans on visitors' local machines to detect remote access software. The same script later turned up on pages run by Citibank, TD Bank, and Equifax. The technique works, it's hard to detect, and most users have no idea it's happening.

What makes the LinkedIn case worth watching is scale and specificity. The extension list is enormous, it's growing fast, and it's heavily weighted toward tools that compete directly with LinkedIn's own products. A platform scanning users' browsers primarily to spot competitors raises questions that go well beyond standard fraud prevention - and those questions don't disappear because the company has a plausible-sounding explanation ready.

If you use a Chromium-based browser and visit LinkedIn regularly, your installed extensions have almost certainly been logged. The only reliable countermeasure is Firefox, which blocks this type of extension probing by default.

---------------
Author: Blake Taylor
New York News Desk