{"id":11858,"date":"2026-04-04T10:03:38","date_gmt":"2026-04-04T10:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/04\/04\/linkedin-hidden-code-secretly-searches-your-browser-for-installed-extensions\/"},"modified":"2026-04-04T10:03:38","modified_gmt":"2026-04-04T10:03:38","slug":"linkedin-hidden-code-secretly-searches-your-browser-for-installed-extensions","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/04\/04\/linkedin-hidden-code-secretly-searches-your-browser-for-installed-extensions\/","title":{"rendered":"LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions"},"content":{"rendered":"<div>\n<p>Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn\u2019s privacy policy.<\/p>\n<p>A revealing investigation conducted by the European advocacy group Fairlinked e.V., under the campaign name \u201cBrowserGate,\u201d has uncovered what researchers describe as one of the largest corporate espionage and data breach scandals in digital history.<\/p>\n<p>Microsoft\u2019s LinkedIn, the world\u2019s largest professional networking platform with over one billion users, is running covert code that probes visitors\u2019 browsers for thousands of installed extensions, compiles the results, encrypts them, and transmits everything back to LinkedIn\u2019s servers and to third-party companies.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-what-the-hidden-code-actually-does\"><strong>What the Hidden Code Actually Does<\/strong><\/h2>\n<p>The mechanism is technically precise and deliberately invisible. 
Each time a user loads a LinkedIn page, a fingerprinting script executes silently, probing for known browser extension identifiers by attempting to access files that extensions can optionally expose to websites. If a file loads, the extension is confirmed present. If not, it isn\u2019t. The entire scan takes milliseconds, and the user sees absolutely nothing.<\/p>\n<p>LinkedIn\u2019s JavaScript bundle contains identifiers for over 6,167 browser extensions. The scan is triggered exclusively on <a href=\"https:\/\/cybersecuritynews.com\/chromium-blink-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">Chromium-based browsers<\/a> (Chrome, Edge, Brave, Opera, and Arc) through a built-in <code>isUserAgentChrome()<\/code> function check. Firefox and Safari users are not currently affected.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhrSJux7k0hbZCdXlGpwAOU0lWIGtkNvR0z-2ZS2HYxYUWkR-DkjeW8Y3m9_ZBdHkzMAew-Xg7fd5WBPP9Bv39rfFxTQXEFWnDzV2361tMWVdCLbjsaClLAoq99HT8jz1iOyrhJboQkMVnCADxMevOLKU7RAKZkQrLv3M0AB63r1_y5bpf8-dplm0-KgxDl\/s16000\/Data%2520Flow%2520Summary.webp?ssl=1\" alt=\"\"><\/figure>\n<p>What makes this surveillance uniquely dangerous is context: LinkedIn accounts are tied to real names, employers, and job titles. Every detected extension is instantly matched to an identified individual.<\/p>\n<p>Because LinkedIn also knows where each user works, these individual scans aggregate into detailed corporate intelligence profiles revealing which software tools entire organizations use, without those organizations\u2019 knowledge or consent.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-the-sensitive-data-being-harvested\"><strong>The Sensitive Data Being Harvested<\/strong><\/h2>\n<p>The scope of what LinkedIn can infer from scanned extensions goes far beyond software preferences. 
<a href=\"https:\/\/browsergate.eu\/the-evidence-pack\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BrowserGate researchers identified<\/a> the following high-risk categories among the 6,222 tracked extensions:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong>509 job search tools<\/strong> \u2014 including extensions for Indeed, Glassdoor, and Monster \u2014 exposing users secretly looking for work on the very platform where their current employer can see their profile.<\/li>\n<li>\n<strong>Religious belief indicators<\/strong> \u2014 extensions that identify practicing Muslims and other faith communities.<\/li>\n<li>\n<strong>Political orientation markers<\/strong> \u2014 news source selectors and partisan fact-checking tools revealing users\u2019 political leanings.<\/li>\n<li>\n<strong>Disability and neurodivergent tools<\/strong> \u2014 ADHD management apps, autism support extensions, and screen readers.<\/li>\n<li>\n<strong>200+ direct competitor products<\/strong> \u2014 including Apollo, Lusha, ZoomInfo, and Hunter.io, which LinkedIn uses to map which companies use rival sales intelligence platforms.<\/li>\n<\/ul>\n<p>Under the EU\u2019s General Data Protection Regulation (GDPR), data revealing religious beliefs, political opinions, and health conditions is classified as Special Category Data, not merely regulated, but prohibited from processing without explicit consent. LinkedIn has no consent, no disclosure, and no legal basis for collecting it.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhzy4P8775XVmA7s2IZEjGgM9nQWJte2N9SYsL8xMjIUfsgFsM7wbYMBcuqrfU7RmHGVyXN1bL85jnRtt66GdyCLYmXv1YsnvMbP7AXuyW74sdYtKVA9n_o76b67E5IHXqPqA2ZknEd70yKCwRLVfdX1KgSlpCK4sZE_6vFeezhtLuzI2tVIU4CuCTOAEb1\/s16000\/linkedin%2520servers.webp?ssl=1\" alt=\"\"><\/figure>\n<p>The surveillance extends beyond LinkedIn\u2019s own servers. 
BrowserGate researchers identified an invisible tracking element loaded from HUMAN Security (formerly PerimeterX), an American-Israeli cybersecurity firm: a zero-pixel-wide element, hidden off-screen, that sets cookies without user knowledge.<\/p>\n<p>A separate fingerprinting script runs from LinkedIn\u2019s own servers, and a third script from Google executes silently on every page load. All of it is encrypted. None of it is disclosed.<\/p>\n<p>HUMAN Security\u2019s technology is embedded on hundreds of major websites, ostensibly to distinguish real users from bots, but BrowserGate contends the data flows back to third-party servers, building detailed device profiles of every visitor.<\/p>\n<p>The BrowserGate investigation further alleges that LinkedIn is leveraging its covert scanning capability for competitive enforcement. LinkedIn has already sent legal threats to users of third-party tools, using data obtained through this hidden scanning to identify and target those users.<\/p>\n<p>Simultaneously, LinkedIn dramatically expanded the scale of its surveillance. The scan list grew from roughly 461 products in 2024 to over 6,000 by February 2026 \u2014 a 1,252% increase \u2014 targeting precisely the tools the Digital Markets Act (DMA) was designed to protect.<\/p>\n<p id=\"h-the-company-also-alleged-that-the-browsergate-campaign-was-driven-by-someone-whose-account-had-been-banned-for-violating-linkedin-s-terms-of-service-3\">The company also alleged that the BrowserGate campaign was driven by someone whose account had been banned for violating LinkedIn\u2019s Terms of Service.<\/p>\n<p>Independent researchers, however, note this practice dates back to at least 2017, when LinkedIn was scanning for just 38 extensions. By February 2026, that number had grown to nearly 3,000, and has since more than doubled.<\/p>\n<p>Fairlinked e.V. states the practice is illegal and potentially criminal in every jurisdiction it has examined. 
The combination of undisclosed special-category data collection, covert third-party transmission, and alleged regulatory deception presents serious exposure <a href=\"https:\/\/cybersecuritynews.com\/ciso-compliance-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">under GDPR<\/a>, the ePrivacy Directive, and the DMA.<\/p>\n<p>The combined user base of the scanned extensions amounts to 405 million people \u2014 making BrowserGate one of the largest undisclosed data collection operations in the history of the commercial internet.<\/p>\n<p>Regulators across the EU have been notified. Legal proceedings are being organized. For now, every LinkedIn user on a Chromium browser remains a subject of this silent, daily scan.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-how-to-protect-yourself\"><strong>How to Protect Yourself<\/strong><\/h2>\n<p>Users concerned about the scanning have several immediate options:<\/p>\n<ul class=\"wp-block-list\">\n<li>\n<strong>Switch to Firefox or Safari<\/strong> for LinkedIn access \u2014 the detection method relies on Chrome\u2019s extension architecture, which Firefox\u2019s design prevents<\/li>\n<li>\n<strong>Create a LinkedIn-only Chrome profile<\/strong> with zero extensions installed, breaking the surveillance chain<\/li>\n<li>\n<strong>Use Brave browser<\/strong> with fingerprinting protection enabled, which blocks the detection mechanism<\/li>\n<li>\n<strong>Audit your installed extensions<\/strong> using BrowserGate\u2019s searchable public database to check if your tools are being tracked<\/li>\n<\/ul>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/linkedin-code-collects-data\/\">LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Guru Baran<\/p>\n","protected":false},"excerpt":{"rendered":"<p>LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn\u2019s privacy policy.
A revealing investigation conducted by the European advocacy group Fairlinked e.V., under [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,83],"tags":[130],"class_list":["post-11858","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-privacy","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11858"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=11858"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/11858\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=11858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=11858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=11858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}