LinkedIn Secretly Scans User Browsers for Installed Extensions

Marcus Rodriguez
April 4, 2026

Key Takeaways

  • LinkedIn has been covertly scanning user browsers for installed extensions without consent or disclosure, specifically targeting Chromium-based browsers.
  • The scan collects highly sensitive data, including indicators of job search activity, religious beliefs, political affiliations, and disabilities, which are then transmitted to LinkedIn and third-party servers.
  • Fairlinked e.V.’s “BrowserGate” investigation describes this as a major corporate espionage and data breach scandal, potentially violating GDPR and other privacy regulations.
  • The practice has escalated dramatically, with the number of tracked extensions growing from hundreds to over 6,000 in recent years.

LinkedIn, the professional networking giant owned by Microsoft, has been caught secretly scanning user browsers for installed extensions. This clandestine operation, which occurs every time a user accesses the platform on a Chromium-based browser, gathers extensive data without user knowledge, consent, or any mention in LinkedIn’s privacy policy.

An investigation by the European advocacy group Fairlinked e.V., dubbed “BrowserGate,” has exposed what researchers are calling a significant corporate espionage and data breach scandal. With over a billion users globally, LinkedIn is reportedly deploying hidden code to probe for thousands of browser extensions, compile the findings, encrypt them, and transmit this information to its own servers and to external third-party entities.

The Covert Scanning Mechanism

The technical implementation of this surveillance is designed to be both precise and undetectable. Each time a LinkedIn page loads, a silent fingerprinting script executes. This script attempts to access specific files that browser extensions can optionally expose to websites. A successful file load confirms the presence of an extension, while a failure indicates its absence. This entire process concludes in milliseconds, completely unnoticed by the user.

LinkedIn’s JavaScript bundle contains identifiers for more than 6,167 browser extensions. The scan runs only on Chromium-based browsers, including Chrome, Edge, Brave, Opera, and Arc, because it is gated by an internal isUserAgentChrome() function check. Users of Firefox and Safari are not affected by this particular scanning technique.

The danger of this surveillance is amplified by context: LinkedIn profiles are intrinsically linked to real identities, employers, and job roles. Every detected extension can thus be immediately associated with a specific individual. Furthermore, since LinkedIn possesses information about each user’s employer, these individual scans can be aggregated to construct detailed corporate intelligence profiles, revealing the software tools and practices of entire organizations without their awareness or consent.

Harvested Sensitive Data Categories

The implications of the data LinkedIn can deduce from these scanned extensions extend far beyond mere software preferences. BrowserGate researchers have identified several high-risk categories among the 6,222 tracked extensions:

  • Job Search Tools: Over 509 extensions for platforms like Indeed, Glassdoor, and Monster, potentially exposing users who are discreetly seeking new employment while their current employer might view their LinkedIn profile.
  • Religious Belief Indicators: Extensions that identify members of various faith communities, including practicing Muslims.
  • Political Orientation Markers: Tools such as news source selectors and partisan fact-checking extensions that can reveal a user’s political leanings.
  • Disability and Neurodivergent Support: Applications designed for ADHD management, autism support, and screen readers.
  • Competitor Products: More than 200 extensions for direct competitors like Apollo, Lusha, ZoomInfo, and Hunter.io, which LinkedIn could use to ascertain which companies utilize rival sales intelligence platforms.

Under the European Union’s General Data Protection Regulation (GDPR), data pertaining to religious beliefs, political opinions, and health conditions is categorized as Special Category Data. The processing of such data is strictly prohibited without explicit consent. LinkedIn reportedly lacks both consent and disclosure for collecting this information, operating without a legal basis.

The surveillance extends beyond LinkedIn’s direct control. BrowserGate researchers found an invisible tracking element loaded from HUMAN Security (formerly PerimeterX), an American-Israeli cybersecurity firm. This zero-pixel-wide element, hidden off-screen, sets cookies without user awareness. In addition to a separate fingerprinting script running from LinkedIn’s own servers, a third script from Google also executes silently on every page load. All collected data is encrypted, and none of these operations are disclosed to the user.

While HUMAN Security’s technology is widely deployed across numerous websites, ostensibly to differentiate human users from bots, BrowserGate asserts that the data flows back to third-party servers, contributing to detailed device profiles for every visitor.

The BrowserGate investigation further alleges that LinkedIn is leveraging its covert scanning capabilities for competitive enforcement. LinkedIn has reportedly issued legal threats to users of third-party tools, utilizing data obtained through this hidden scanning to identify and target them. Concurrently, LinkedIn has significantly expanded its surveillance efforts. The list of scanned products surged from approximately 461 in 2024 to over 6,000 by February 2026, marking a 1,252% increase and specifically targeting tools that the Digital Markets Act (DMA) aims to protect.

LinkedIn has countered by alleging that the BrowserGate campaign is spearheaded by an individual whose account was banned for violating LinkedIn’s Terms of Service. However, independent researchers note that this practice dates back to at least 2017, when LinkedIn was scanning for 38 extensions. By February 2026, this number had grown to nearly 3,000, and has since more than doubled.

Fairlinked e.V. maintains that these practices are illegal and potentially criminal across all jurisdictions examined. The combination of undisclosed collection of special-category data, covert transmission to third parties, and alleged regulatory deception presents severe liabilities under GDPR, the ePrivacy Directive, and the DMA. With the combined user base of the scanned extensions totaling 405 million people, BrowserGate represents one of the largest undisclosed data collection operations in the history of the commercial internet.

Regulatory bodies across the EU have been informed, and legal proceedings are being prepared. For the time being, every LinkedIn user on a Chromium browser remains subject to this silent, daily scan.

What You Should Do

  • Use Firefox or Safari: Access LinkedIn via Firefox or Safari, as these browsers’ extension architectures prevent the current detection method.
  • Dedicated Chrome Profile: Create a separate Chrome profile specifically for LinkedIn with no extensions installed to isolate your activity.
  • Enable Brave’s Fingerprinting Protection: Utilize Brave browser with its built-in fingerprinting protection enabled, which can block the detection mechanism.
  • Audit Extensions: Check your installed extensions against BrowserGate’s searchable public database to see if your tools are being tracked.
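
For the audit step, a local check of which installed extensions a site could confirm through a file load. This is an added example, not code from BrowserGate or LinkedIn. It assumes the "files that extensions can optionally expose to websites" are the paths declared under Chrome's web_accessible_resources manifest key; the sample manifests and their IDs are constructed.

```javascript
// Added example. Manifests in SAMPLE are constructed, not real extensions.

// Does a Chrome match pattern such as "https://*.example.com/*" cover `origin`?
function patternCoversOrigin(pattern, origin) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false;
  const url = new URL(origin);
  if (m[1] !== "*" && m[1] + ":" !== url.protocol) return false;
  const host = m[2];
  if (host === "*") return true;
  if (!host.startsWith("*.")) return url.hostname === host;
  const base = host.slice(2);
  return url.hostname === base || url.hostname.endsWith("." + base);
}

// Resource paths from one manifest that a page on `origin` is allowed to load.
function probeableResources(manifest, origin) {
  const war = manifest.web_accessible_resources || [];
  if (manifest.manifest_version === 2) {
    // Manifest V2: a flat list of paths, loadable by every website.
    return war.filter((r) => typeof r === "string");
  }
  // Manifest V3: each entry is scoped by `matches`; `use_dynamic_url` makes the
  // resource URL change per session, so a fixed, well-known URL stops working.
  return war
    .filter((e) => !e.use_dynamic_url)
    .filter((e) => (e.matches || []).some((p) => patternCoversOrigin(p, origin)))
    .flatMap((e) => e.resources || []);
}

// Report the extensions whose presence `origin` could confirm via a file load.
function auditManifests(manifests, origin) {
  return Object.entries(manifests)
    .map(([id, m]) => ({ id, name: m.name, resources: probeableResources(m, origin) }))
    .filter((row) => row.resources.length > 0);
}

const SAMPLE = { // keys are placeholder extension IDs
  "ext-a": { name: "Legacy Helper", manifest_version: 2, web_accessible_resources: ["img/logo.png"] },
  "ext-b": { name: "Open Widget", manifest_version: 3,
    web_accessible_resources: [{ resources: ["ui/panel.html"], matches: ["<all_urls>"] }] },
  "ext-c": { name: "Scoped Tool", manifest_version: 3,
    web_accessible_resources: [{ resources: ["a.js"], matches: ["https://*.example.org/*"] }] },
  "ext-d": { name: "Dynamic Tool", manifest_version: 3,
    web_accessible_resources: [{ resources: ["b.js"], matches: ["*://*.linkedin.com/*"], use_dynamic_url: true }] },
  "ext-e": { name: "No Resources", manifest_version: 3 },
};
console.log(auditManifests(SAMPLE, "https://www.linkedin.com"));
```

To run it against a real profile, replace SAMPLE with the parsed manifest.json of each extension in the browser profile's Extensions directory, keyed by extension ID.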
