LinkedIn is facing new scrutiny after a cybersecurity report alleged that the platform scans visitors’ browsers for thousands of installed Chrome extensions and collects device-level data during user sessions.
LinkedIn loads a hidden JavaScript file that checks for browser extensions and gathers system information.
The claims have raised broader questions about privacy, browser fingerprinting, and whether platform security measures are crossing into surveillance.
Report says LinkedIn checks more than 6,000 extensions
According to BleepingComputer, its own testing confirmed part of the claims made in a report called “BrowserGate,” including the presence of a script with a randomized filename that attempts to detect installed browser extensions by requesting files tied to specific extension IDs.
The outlet said the script checked for 6,236 browser extensions, up from roughly 2,000 extensions seen in earlier findings from 2025 and around 3,000 in code repositories from two months ago.
The LinkedIn article similarly said independent testing appeared to support part of the claim and described the scope as more than 6,200 extensions.
The script collected a broad set of browser and device data, including CPU core count, available memory, screen resolution, timezone, language settings, battery status, audio information, and storage features.
The LinkedIn article characterized those signals as the kinds of data commonly used in browser fingerprinting, a technique that can help create unique identifiers for users even without cookies.
Competitive-intelligence claims remain unproven
LinkedIn detected extensions, but that it may have been scanning for tools competing with its own sales products.
BleepingComputer quoted the report as saying LinkedIn looks for products such as Apollo, Lusha, and ZoomInfo, and because LinkedIn accounts are tied to real identities, employers, and job roles, the report argues the company could map which firms use competitor software.
But BleepingComputer also said it could not verify the report’s claims about how the data was used or whether it was shared with third parties.
The LinkedIn article likewise said there is “no independent verification” that the company used the data for competitive intelligence.
LinkedIn says the claims are “plain wrong”
LinkedIn did not deny that it detects certain browser extensions.
Instead, the company said the allegations are “plain wrong” and argued that extension detection is used to protect member privacy, stop data scraping, and preserve site stability.
LinkedIn said it checks whether static resource URLs associated with scraping extensions exist and uses that information to identify tools that violate its terms of service. The company added that it does not use the data to infer sensitive information about members.
LinkedIn also tied the dispute to a browser extension called Teamfluence, saying the BrowserGate report stems from a conflict involving a developer whose account had been restricted for scraping and other policy violations.
A German court rejected that developer’s request for a preliminary injunction and found LinkedIn’s account restrictions lawful. The court found automated data collection could breach LinkedIn’s terms and that the company was justified in blocking the accounts.
A wider privacy debate is now back in focus
Even with the legal dispute in the background, one point appears undisputed in the reporting: LinkedIn’s site uses a script that detects thousands of extensions and captures system-level information in Chromium-based browsers.
This can be compared to the behavior of an aggressive browser fingerprinting techniques previously seen at companies such as eBay and major banks. This episode has reopened debate over where the line should be drawn between anti-fraud protection and user surveillance.
For LinkedIn, the larger problem may now be reputational: even if the company insists the scanning is defensive, the scale of the detection effort is likely to intensify pressure for clearer disclosure and stronger privacy safeguards.
