Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Panda4 6 hours ago

> Every time you open LinkedIn in a Chrome-based browser, LinkedIn’s JavaScript executes a silent scan of your installed browser extensions.

It's not clear though, either they only tested against chrome-based browsers or Firefox isn't enabling them to do so.

edit: I answered before I go fully through the article but it does say it's only Chrome based.

> The extension scan runs only in Chrome-based browsers. The isUserAgentChrome() function checks for “Chrome” in the user agent string. The isBrowser() function excludes server-side rendering environments. If either check fails, the scan does not execute.

> This means every user visiting LinkedIn with Chrome, Edge, Brave, Opera, Arc, or any other Chromium-based browser is subject to the scan.

OoooooooO 6 hours ago | parent | next [-]

Firefox uses UUID for the local extension url per extension so you can't search for hardcoded local urls.

dylan604 6 hours ago | parent | prev [-]

What is a Chrome-based browser? Isn't Chrome Google's Chromium based browser? How many are based on Chrome?

Panda4 6 hours ago | parent | next [-]

> This means every user visiting LinkedIn with Chrome, Edge, Brave, Opera, Arc, or any other Chromium-based browser is subject to the scan.

dylan604 5 hours ago | parent [-]

Exactly, so again, what is a Chrome-based browser?

Sohcahtoa82 3 hours ago | parent [-]

A lot of people mistakenly refer to Chromium-based browsers as being Chrome-based.

I feel like this is obvious and you know that this is the exact mistake being made, but rather than drop an actual correction, you take the insufferable approach of pretending you don't know what's happening and forming the correction as a question.

JumpCrisscross 3 hours ago | parent [-]

> A lot of people mistakenly refer to Chromium-based browsers as being Chrome-based

This seems to be a case where the poison seeps through the cracks. From Google and Chrome to other Chromium-based browsers. In very correct ways, in this case, they are Chrome based.

andersonpico 6 hours ago | parent | prev [-]

From "The Attack: How it works", its just checking the user agent string:

function a() { return "undefined" != typeof window && window && "node" !== window.appEnvironment; }

function s() { return window?.navigator?.userAgent?.indexOf("Chrome") > -1; }

if (!a() || !s()) return;