Foreign media: LinkedIn secretly scans over 6,000 Chrome extensions and collects data

Source: Global Times

[Global Times Technology Comprehensive Report] On April 4, according to overseas technology media BleepingComputer, a latest report titled “BrowserGate” says that LinkedIn, a workplace social platform under Microsoft, will embed hidden JavaScript scripts on its website to scan visitors’ browsers, detect installed extensions, and collect device data.

According to a report released by Fairlinked, an organization that calls itself the “LinkedIn Business User Association,” Microsoft’s platform injects JavaScript code into users’ sessions, checks thousands of browser extensions, and links the scan results to user profiles with identifiable identities.

The report’s authors claim that LinkedIn uses this behavior to collect sensitive personal and company information because LinkedIn accounts themselves are tied to real identities, the companies users work for, and their job titles.

The report said: “LinkedIn scans more than 200 products that directly compete with its sales tools, including Apollo, Lusha, and ZoomInfo. Since LinkedIn knows each user’s employer information, it can track which companies are using which competitors’ products. Without users knowing, it extracts customer lists of thousands of software companies from users’ browsers.”

“Then, LinkedIn uses the information it discovers. Using data obtained through this covert scanning, it issues enforcement threats to users of third-party tools to lock in its targets.”

Technology media BleepingComputer confirmed part of the claims through independent testing. During the test, they observed that the LinkedIn website loaded a JavaScript file with a random filename.

The script detects 6236 browser extensions by attempting to access file resources associated with specific extension IDs—this is a known technique used to determine whether an extension is installed.

This fingerprinting script was exposed as early as 2025, when it could only detect about 2000 extensions. Two months ago, another GitHub repository showed that the detection count had increased to 3000, indicating that the number of extensions being detected continues to grow.

Although many of the extensions being scanned are related to LinkedIn, the script also detects language and grammar extensions, tools used by tax professionals, and other seemingly unrelated functions.

In addition, the script collects various browser and device data, including the number of CPU cores, available memory, screen resolution, time zone, language settings, battery status, audio information, and storage capabilities.

At present, BleepingComputer is unable to verify the claims in the “BrowserGate” report about what the data is specifically used for or whether it is shared with third-party companies.

However, similar fingerprinting technologies have often been used in the past to build unique browser “fingerprints,” enabling cross-site tracking of users.

In response, LinkedIn does not deny that it detects certain browser extensions, and told BleepingComputer that this information is used to protect the platform and its users.

But the company said the report was written by a user whose account had been banned for scraping LinkedIn content and violating the site’s terms of use.

LinkedIn said the “BrowserGate” incident originated from a dispute between it and the developer of a LinkedIn-related browser extension called Teamfluence. LinkedIn said the extension has been restricted for use due to violations of platform terms.

In a filing shared with BleepingComputer, a German court dismissed the developer’s application for a preliminary injunction, saying that LinkedIn’s actions do not constitute illegal obstruction or discrimination.

The court also found that merely automatically collecting data could violate LinkedIn’s terms of use, and that LinkedIn has the right to ban these accounts in order to protect its platform.

LinkedIn believes the “BrowserGate” report is an attempt to rehash this dispute in public opinion. (Bo Chan)

A massive amount of information and precise analysis—only on Sina Finance APP