Protect.Computer
NEWS

LinkedIn browser script can detect 6,000+ Chrome extensions: what users should check now

· 1 min read · Privacy tracking Device safety
LinkedIn browser script can detect 6,000+ Chrome extensions: what users should check now

Photo by protect.computer on protect.computer

A new report and independent testing indicate LinkedIn pages can run JavaScript that checks whether specific Chrome extensions are installed. Reported lists now include more than 6,000 extensions, which is much larger than earlier public observations.

LinkedIn says it uses extension detection to identify tools that violate platform terms and to protect user privacy and site stability. Critics argue this kind of fingerprinting can still expose sensitive behavioral or workplace signals when linked to real-name accounts.

For everyday users, the practical risk is less about a single “hack” and more about privacy leakage: websites inferring what tools you use, what environment you work in, or whether your browser setup is uncommon enough to help track you.

Affected devices/models right now are mainly Chromium-based desktop browsers (Google Chrome, Microsoft Edge, Brave, Opera, Vivaldi) where extension IDs can be probed from page scripts.

If you use LinkedIn often, this is a good reminder to reduce unnecessary extension exposure and keep separate browser profiles for work and personal browsing.

How to check if you’re affected

  1. Open LinkedIn in Chrome/Edge and press F12 (Developer Tools).
  2. Go to Network and reload the page.
  3. Look for unusual script requests and repeated checks against chrome-extension:// resource paths.
  4. Review installed extensions at chrome://extensions and remove any you no longer need.
  5. Create a separate browser profile for social/work sites with only essential extensions.
  6. If you manage company devices, compare extension baselines across teams and remove high-risk or unnecessary add-ons.

What to do now

  • Keep your extension list minimal (fewer extensions = less detectable surface).
  • Avoid installing untrusted extension packs or “growth” tooling that requests broad access.
  • Use privacy-focused browser settings and regularly clear unused profiles.
  • For organizations: publish an approved-extension policy and audit exceptions.

Sources

Related reading

News
Samsung TVs to stop collecting Texans’ data without express consent

Security alert: Samsung TVs to stop collecting Texans’ data without express consent

News
TA446 uses leaked DarkSword iOS kit in spear-phishing campaign

Researchers report TA446 (COLDRIVER/Star Blizzard) using DarkSword iOS exploit infrastructure in a new spear-phishing campaign.

News
Apple sends critical software alerts to outdated iPhones after web-attack activity

Apple is pushing lock-screen critical software alerts to users on older iOS/iPadOS versions due to active web-based attack risk.

News
Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple released its first Background Security Improvements patch to fix CVE-2026-20643, a WebKit same-origin policy bypass risk.