John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
LinkedIn knows what Chrome extensions you’re running. It’s been scanning for them. Without telling you.
Research called “BrowserGate” found JavaScript on LinkedIn that inventories your installed extensions. BleepingComputer independently confirmed it: 6,236 extensions checked by attempting to access file resources tied to specific extension IDs. Every time you visit.
LinkedIn’s defense? They scan extensions to “protect member privacy” and catch scraping tools. But the scan list includes language tools, tax software, and other categories with zero connection to platform abuse. That gap between the stated purpose and what the script actually does is where things get uncomfortable.
Your extensions reveal a lot. VPN extension? You’re hiding traffic. Accessibility tools? Possible disability status. Certain add-ons correlate with political or religious communities. Under GDPR, some of this qualifies as “special category data” that requires explicit consent. LinkedIn never asked.
The list keeps growing too. Around 2,000 extensions in early 2025. Then 3,000 two months ago. Now over 6,000. Someone at LinkedIn is actively developing this. The script also grabs CPU core count, memory, screen resolution, timezone, battery status, and more.
Important context: the BrowserGate report comes from a developer whose account LinkedIn banned for scraping, and who lost a related German court challenge. That doesn’t invalidate the technical findings (BleepingComputer confirmed them independently) but it means the wilder claims about data sharing deserve extra scrutiny.
Your options are limited but real. Use a separate browser profile for LinkedIn with no extensions. Use Firefox. Or accept that Microsoft knows what’s in your browser and apparently considers that just fine.
One billion users. Six thousand extensions. Nobody was asked.
The full story on LinkedIn’s undisclosed browser surveillance