LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A recent report titled "BrowserGate" has raised concerns regarding Microsoft's LinkedIn, which is reportedly utilizing concealed JavaScript scripts on its website to scan users' browsers for installed Chrome extensions and gather device-specific information.
The findings, published by Fairlinked e.V., an organization representing commercial LinkedIn users, assert that LinkedIn injects JavaScript during user sessions to check for thousands of browser extensions, subsequently linking these findings to identifiable user profiles.
The report claims that this practice is employed to amass sensitive personal and corporate data, given that LinkedIn accounts are associated with actual identities, employers, and professional roles.
"LinkedIn scans for over 200 products that directly compete with its own sales tools, such as Apollo, Lusha, and ZoomInfo. By knowing the employer of each user, it can identify which companies utilize competitor products. It is extracting customer lists from thousands of software companies via users' browsers without their knowledge," the report states.
"Furthermore, LinkedIn has reportedly issued enforcement threats to users of third-party tools, leveraging information obtained from this covert scanning to pinpoint its targets."
BleepingComputer has independently verified some of these allegations through testing, revealing the presence of a JavaScript file with a randomized filename that was loaded by LinkedIn's site.
This script was confirmed to probe for 6,236 browser extensions by attempting to load a known resource from each extension's chrome-extension:// origin, built from the extension's ID; a successful load means the extension is installed, a well-known detection technique that only works for resources an extension exposes to web pages.
Previously, in 2025, a similar fingerprinting script was reported, which identified around 2,000 extensions at that time. A different GitHub repository from two months ago indicates that this number has expanded to approximately 3,000 extensions, indicating a continual increase in detected extensions.
While a significant number of the scanned extensions are related to LinkedIn, intriguingly, the script also identifies language and grammar tools, professional tax tools, and various unrelated features.
Moreover, the script gathers an extensive array of browser and device information, encompassing CPU core count, available memory, screen resolution, time zone, language settings, battery status, audio attributes, and storage capabilities.
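The two mechanisms described above, probing chrome-extension:// URLs for a catalog of extension IDs and folding device attributes into one stable identifier, are shown below as an added example. It is not LinkedIn's script and not code from the BrowserGate report; the catalog entries, extension IDs, resource paths and the fake fetch/browser environment are all constructed for the demo, and `fetchImpl`/`env` are injected so the block also runs under Node.

```javascript
// Added example, not LinkedIn's script. Names, IDs and the fake environment
// below are constructed for the demo.

// Constructed catalog. A real catalog maps an extension's 32-character ID
// (letters a-p) to a resource it lists under "web_accessible_resources" in
// its manifest; the IDs here are placeholders, not real extensions.
const CATALOG = [
  { name: "ExampleScraper", id: "abcdefghijklmnopabcdefghijklmnop", resource: "icons/icon128.png" },
  { name: "ExampleGrammar", id: "ponmlkjihgfedcbaponmlkjihgfedcba", resource: "content.js" },
  { name: "ExampleCRM",     id: "aabbccddeeffgghhaabbccddeeffgghh", resource: "popup.html" },
];

// Probe one extension. A page may load web-accessible resources of an
// installed extension from chrome-extension://<id>/<path>; if the extension
// is absent (or the path is not web-accessible) Chrome fails the request and
// fetch() rejects, which the probe reads as "not installed".
async function isInstalled(entry, fetchImpl) {
  const url = `chrome-extension://${entry.id}/${entry.resource}`;
  try {
    const res = await fetchImpl(url);
    return res.ok;
  } catch {
    return false;
  }
}

// Probe the whole catalog in parallel and return the names that loaded.
async function probeExtensions(catalog, fetchImpl) {
  const hits = await Promise.all(catalog.map((e) => isInstalled(e, fetchImpl)));
  return catalog.filter((_, i) => hits[i]).map((e) => e.name).sort();
}

// Device traits of the kind the article lists. `env` stands in for the
// browser globals (navigator, screen, resolved time zone); each field is read
// defensively because not every browser exposes every API.
async function collectDeviceTraits(env) {
  const nav = env.navigator || {};
  const scr = env.screen || {};
  const traits = {
    cores: nav.hardwareConcurrency ?? null,
    memoryGiB: nav.deviceMemory ?? null,
    screen: `${scr.width ?? 0}x${scr.height ?? 0}x${scr.colorDepth ?? 0}`,
    timeZone: env.timeZone ?? null,
    languages: (nav.languages || []).join(","),
    battery: null,
    storageQuota: null,
  };
  if (typeof nav.getBattery === "function") {
    const b = await nav.getBattery();
    traits.battery = `${b.charging ? "ac" : "dc"}:${b.level}`;
  }
  if (nav.storage && typeof nav.storage.estimate === "function") {
    traits.storageQuota = (await nav.storage.estimate()).quota ?? null;
  }
  return traits;
}

// Canonical JSON (sorted keys) so the hash does not depend on property order.
function canonicalize(v) {
  if (Array.isArray(v)) return v.map(canonicalize);
  if (v && typeof v === "object") {
    return Object.fromEntries(Object.keys(v).sort().map((k) => [k, canonicalize(v[k])]));
  }
  return v;
}

// 64-bit FNV-1a, dependency-free so the block runs in any JS engine. A real
// script would use a cryptographic hash; the only property needed here is
// that equal inputs give equal identifiers.
function fnv1a64(str) {
  let h = 0xcbf29ce484222325n;
  for (const byte of new TextEncoder().encode(str)) {
    h ^= BigInt(byte);
    h = (h * 0x100000001b3n) & 0xffffffffffffffffn;
  }
  return h.toString(16).padStart(16, "0");
}

// The identifier a site can store against the logged-in profile and match
// across sessions: installed-extension set plus device traits, hashed.
function fingerprint(extensions, traits) {
  return fnv1a64(JSON.stringify(canonicalize({ extensions: [...extensions].sort(), traits })));
}

// Constructed stand-in for a browser with exactly one catalog entry installed.
// In a real page pass globalThis.fetch and
// { navigator, screen, timeZone: Intl.DateTimeFormat().resolvedOptions().timeZone }.
const FAKE_FETCH = async (url) => {
  if (url.startsWith(`chrome-extension://${CATALOG[0].id}/`)) return { ok: true };
  throw new TypeError("Failed to fetch");
};
const FAKE_ENV = {
  navigator: {
    hardwareConcurrency: 8, deviceMemory: 8, languages: ["en-US", "en"],
    getBattery: async () => ({ charging: true, level: 1 }),
    storage: { estimate: async () => ({ quota: 120_000_000_000 }) },
  },
  screen: { width: 1920, height: 1080, colorDepth: 24 },
  timeZone: "Europe/Berlin",
};

async function runDemo(fetchImpl = FAKE_FETCH, env = FAKE_ENV) {
  const extensions = await probeExtensions(CATALOG, fetchImpl);
  const traits = await collectDeviceTraits(env);
  return { extensions, traits, id: fingerprint(extensions, traits) };
}

runDemo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Two practical points follow from the code. Each probe is an ordinary request to a chrome-extension:// URL, so on a real page the whole catalog scan is visible in the DevTools Network panel, which is the check a user can perform. The probe also only sees extensions that expose web-accessible resources under a fixed ID; an extension that declares none is invisible to it, and in Chromium's Manifest V3 an author can set `use_dynamic_url: true` on a `web_accessible_resources` entry so the resource is only reachable under a per-session random origin rather than the static extension ID.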
BleepingComputer was unable to validate the specific claims presented in the BrowserGate report regarding how the acquired data is utilized or if it is shared with third-party entities.
Nevertheless, it is important to note that similar fingerprinting methods have historically been employed to create unique browser profiles, facilitating user tracking across various websites.
LinkedIn denies data use allegations
LinkedIn acknowledges the detection of certain browser extensions but asserts to BleepingComputer that this information is utilized solely to safeguard the platform and its users.
The company contends that the report originates from an individual whose account was suspended for scraping LinkedIn content and breaching the site's terms of service.
"The assertions presented in the linked report are fundamentally incorrect. The individual behind this claim is subject to account restrictions due to scraping and other violations of LinkedIn's Terms of Service.
To protect our members' privacy, their data, and to maintain site stability, we do examine extensions that collect data without user consent or otherwise violate LinkedIn's Terms of Service.
It's important to understand that some extensions possess static resources (images, JavaScript) which can be injected into our webpages. We detect these extensions by verifying if those static resource URLs are present. This detection process is observable within the Chrome developer console. We utilize this data to identify which extensions breach our terms, to enhance our technical defenses, and to understand why a member's account might be excessively accessing data of other members, which, when scaled, affects site stability. We do not employ this data to infer sensitive information about our users.
For additional context, following the restriction of this individual's account, they attempted to pursue an injunction in Germany, alleging that LinkedIn violated multiple laws. However, the court ruled against this individual, concluding that their claims lacked merit, and noted that their own data practices contravened legal standards.
Ultimately, this situation involves a person who was unsuccessful in court but is now seeking to re-litigate in the public domain without regard for factual accuracy."
LinkedIn claims that the BrowserGate report is a consequence of a dispute involving the creator of a LinkedIn-related browser extension called "Teamfluence," which LinkedIn states was restricted for violating the platform's policies.
In documentation provided to BleepingComputer, a German court rejected the developer's request for a preliminary injunction, determining that LinkedIn's actions did not amount to unlawful obstruction or discrimination.
The court also acknowledged that automated data collection alone could infringe upon LinkedIn's terms of use and validated LinkedIn's right to block accounts to protect its platform.
LinkedIn maintains that the BrowserGate report is an attempt to publicly rehash that conflict.
Regardless of the underlying motivations for the report, one indisputable fact remains.
LinkedIn's platform employs a fingerprinting script that detects over 6,000 extensions operating within a Chromium browser, along with additional information regarding a visitor's system.
This is not an isolated incident, as various companies have previously utilized aggressive fingerprinting scripts to identify applications active on a user's device.
In 2020, eBay was found to implement JavaScript for conducting automated port scans on visitors' devices to ascertain the presence of remote support software.
Although eBay did not confirm the purpose of these scripts, it was widely speculated that they aimed to prevent fraud on compromised devices.
Subsequently, it was discovered that numerous other firms, including Citibank, TD Bank, Ameriprise, and Chick-fil-A, had adopted similar fingerprinting scripts.