How LinkedIn identifies your chrome extensions

If you look at your Chrome's console while LinkedIn is loading. You'll see a long (long) list of errors like this:

What's happening? LinkedIn maintains a list of chrome extensions to detect when you visit the site. The VAST majority of these extensions are designed to automate LinkedIn behavior.

But Chrome does not have a way to list all installed extensions, that would make fingerprinting anyone on the web and exploiting vulnerabilities trivial.

But most of these extensions work by injecting logic into the LinkedIn page, whether to change the layout, add buttons, or interact with LinkedIn directly. You CAN send a request to those files to check if they exist.

And that's exactly what LinkedIn does. If you trace the failed requests, you'll find an array like this (condensed, it has 1800 ids):

[{
 id: "fmcaajfefcndfcnlbecaiapijbjpjfge",
 file: "mistral.webp"
 }, {
 id: "fmklchbkglfcamflgdhlclalanjkhpai",
 file: "css/textures/leather2.png"
 }, {
 id: "fmmkljmpghfdjaeinpgclkhgbjmkkhom",
 file: "README.md"
]

Each of those represents a chrome extension id and a file exposed to the sites the extension runs on.

The "url" for those files is chrome-extension://{id}/{file}

LinkedIn's site requests to load all 1800 files one by one, and checks if they are available, and thus the presence of that extension.

I made a POC that follows the same logic to detect extensions, enriched with the extensions name/details, and a searchable list.

LI Extensions

Identifies which extensions LI can see

Note: Many extensions are designed to ONLY work on specific domains, and the tool will not see them. But you can check any installed extensions in the search below the automated check.