Hacker News

jsheard, yesterday at 8:35 PM

Looks to me like LinkedIn is fetching chrome-extension://{extension id}/{known filename} and seeing if it succeeds, not pinging the web store.

Should be patched nonetheless though, that's a pretty obscene fingerprinting vector.


Replies

what, yesterday at 9:12 PM

How do you patch it? The extensions themselves (presumably) need to access the same web accessible resources from their content scripts. How do you differentiate between some extension’s content script requesting the resource and LinkedIn requesting it?

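An added example, not part of the thread or any participant's code: Manifest V3 lets an extension scope `web_accessible_resources` to specific origins with `matches` and request a per-session URL with `use_dynamic_url`, and this Python check audits a manifest for entries that any page could still fetch at a fixed `chrome-extension://{extension id}/{known filename}` URL. The function name `probeable_resources` and both sample manifests are constructed for illustration.

```python
import json

# Match patterns that let any web page load (and therefore probe) a resource.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def probeable_resources(manifest_text):
    """Return sorted (resource, reason) pairs that an arbitrary page could
    fetch at a fixed chrome-extension://<id>/<path> URL."""
    manifest = json.loads(manifest_text)
    findings = set()
    for entry in manifest.get("web_accessible_resources", []):
        if isinstance(entry, str):
            # Manifest V2: a bare list of paths, exposed to every origin.
            findings.add((entry, "MV2 entry, no origin restriction"))
            continue
        if entry.get("use_dynamic_url"):
            # Resource is served under a per-session ID, not the static one.
            continue
        broad = sorted(BROAD.intersection(entry.get("matches", [])))
        for res in entry.get("resources", []) if broad else []:
            findings.add((res, "matches " + ", ".join(broad)))
    return sorted(findings)

# Constructed sample: one broadly exposed entry, one scoped to a single
# origin, one broadly matched but behind a dynamic URL.
MV3_SAMPLE = json.dumps({
    "manifest_version": 3,
    "web_accessible_resources": [
        {"resources": ["img/logo.png"], "matches": ["<all_urls>"]},
        {"resources": ["ui/panel.html"],
         "matches": ["https://app.example.com/*"]},
        {"resources": ["inject.js"], "matches": ["<all_urls>"],
         "use_dynamic_url": True},
    ],
})

# Constructed sample: Manifest V2 has no per-origin scoping at all.
MV2_SAMPLE = json.dumps({
    "manifest_version": 2,
    "web_accessible_resources": ["inject.js"],
})

if __name__ == "__main__":
    for name, text in (("MV3", MV3_SAMPLE), ("MV2", MV2_SAMPLE)):
        for resource, reason in probeable_resources(text):
            print(f"{name}: {resource} ({reason})")
```

An entry scoped by `matches` to one site is not flagged, but that site itself can still load the resource, so scoping narrows who can probe rather than eliminating it.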