A new investigation has sparked controversy around LinkedIn, alleging that the professional networking platform deploys hidden browser scripts capable of scanning thousands of installed extensions and collecting detailed device data from users, potentially without their knowledge. The report, dubbed “BrowserGate,” accuses LinkedIn, owned by Microsoft, of engaging in large-scale browser fingerprinting that could expose sensitive corporate and personal information. The report alleges that LinkedIn injects concealed JavaScript into user sessions that actively probes browsers for installed extensions.

Independent testing by cybersecurity outlet BleepingComputer appears to support part of the claim. Researchers observed a dynamically named script loading within LinkedIn pages that attempted to detect the presence of thousands of extensions.

Their analysis suggests the script checks for more than 6,200 browser extensions, a sharp increase from earlier findings in 2025, when roughly 2,000 extensions were reportedly targeted. More recent public code repositories indicate a steady expansion of this detection capability, underscoring how rapidly the scope has grown.

The detection method itself is not new; it involves attempting to access known resources tied to specific extension IDs. If the resource loads successfully, the extension is presumed to be installed.

One of the most controversial aspects of the BrowserGate report is the suggestion that LinkedIn may be using this data for competitive intelligence. The report claims that LinkedIn scans for tools that directly compete with its own services, including well-known sales and data platforms like Apollo, Lusha, and ZoomInfo.

Since LinkedIn profiles are tied to real identities, including employers and job roles, the report argues the company could theoretically map which organizations rely on competing software.