halapro 6 hours ago

There's nothing to patch, scanning is not possible.

It's either the extension's choice to become detectable ("externally_connectable" is off by default) or it makes unique changes to websites that allow for its detection.

Ajedi32 6 hours ago | parent [-]

If it were just a matter of detecting changes to the DOM then this could only detect extensions that alter the LinkedIn website itself. I agree that would be much harder to make undetectable, but this seems like it goes beyond that.

halapro 6 hours ago | parent [-]

As mentioned, there's a way to expose your extension to the web even without making changes. The other way is a key called "web_accessible_resources".

All of these are opt-in by the extensions and MV3 actually forces you to specify which domains can access your extension. So, again, each extension must explicitly allow the web to find it.
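
Added example, not part of the thread or of any extension's own code: a small audit that reads a parsed `manifest.json` and lists which web origins the two opt-in keys discussed above expose the extension to. The sample manifests and the function names `auditManifest` and `isBroad` are constructed for illustration.

```javascript
// Constructed sample manifests (not taken from any real extension).
const SAMPLE_MV3 = {
  manifest_version: 3,
  name: "sample",
  externally_connectable: { matches: ["https://*.example.com/*"] },
  web_accessible_resources: [
    { resources: ["img/icon.png", "inject.css"], matches: ["<all_urls>"] }
  ]
};
const SAMPLE_MV2 = { manifest_version: 2, name: "old", web_accessible_resources: ["icon.png"] };

// True for match patterns that cover every site.
function isBroad(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// Returns one finding per (key, origin pattern, resource) the manifest opts into.
function auditManifest(manifest) {
  const findings = [];
  const key = "web_accessible_resources";

  // externally_connectable.matches: pages on these origins can message the extension.
  const ec = manifest.externally_connectable;
  for (const p of (ec && ec.matches) || []) {
    findings.push({ key: "externally_connectable", pattern: p, broad: isBroad(p) });
  }

  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      // MV2 form: a bare path, loadable by any page, so report it as all URLs.
      findings.push({ key, pattern: "<all_urls>", broad: true, resource: entry });
      continue;
    }
    // MV3 form: each entry names the origins allowed to load its resources.
    for (const p of entry.matches || []) {
      for (const r of entry.resources || []) {
        findings.push({ key, pattern: p, broad: isBroad(p), resource: r,
                        dynamicUrl: entry.use_dynamic_url === true });
      }
    }
  }
  return findings;
}

for (const f of auditManifest(SAMPLE_MV3)) {
  console.log(`${f.key}: ${f.pattern}${f.resource ? " -> " + f.resource : ""}${f.broad ? " [any site]" : ""}`);
}
```

An empty result means the manifest declares neither key, so detection would have to rely on changes the extension makes to the page itself.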