LinkedIn is using hidden JS to scan your browser for over 6,000 specific extension IDs via a known Chromium vulnerability. By inventorying your local software, they can infer highly sensitive “Special Category” data like health status, religion, and political advocacy without consent.
I’ve joined the dots on why Chromium-based “Shields” fail here and how to harden your home lab/network to stop the leak.
So Firefox and its forks are safe?
Mostly, yes. Firefox doesn’t use the specific Chromium internal resource API that LinkedIn is exploiting for this. However, since the script relies on hidden GET requests, I still recommend Multi-Account Containers to isolate LinkedIn entirely, plus a custom uBlock Origin filter just to be sure.
Or if you change your useragent to anything other than chrome/chromium related as it only runs on detected chromium browsers.