by pyrophane 52 days ago
Here's the most relevant section I could find from the original source:

"Chrome extensions can expose internal files to web pages through the web_accessible_resources field in their manifest.json. When an extension is installed and has exposed a resource, a fetch() request to chrome-extension://{id}/{file} will succeed. When the extension is not installed, Chrome blocks the request and the promise rejects.

LinkedIn tests every extension in the list this way."

2 comments

Hmm, can one fake-install extensions that randomly return yes/no to those queries? It's pretty clear which files LinkedIn (and other sites doing the fingerprinting) is testing; one can observe it, as the OP author points out.

It should also be interesting to see which other sites test those very same files; has anybody looked yet?

It seems like it shouldn't let code originating from the site (as opposed to from the extension) access that.
I'm not sure you'd need to directly fetch to determine if they resolve. One could probably inject an img tag and see if it resolves.
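
The mechanism quoted in the post depends on what each extension declares under web_accessible_resources. As an added example (not part of the thread or of any extension's code), this audit lists which resources of a parsed manifest.json a given page origin could load; the function names and sample manifests are constructed, and match-pattern handling is simplified to scheme and host.

```javascript
// Added example: which web_accessible_resources can a page on `pageOrigin` load?
// Simplified match-pattern check (assumption: only http/https patterns ending in "/*").
function originMatches(pattern, origin) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)\//.exec(pattern);
  if (!m) return false; // other schemes are out of scope for this sketch
  const url = new URL(origin);
  const scheme = url.protocol.slice(0, -1);
  if (m[1] === "*" ? !/^https?$/.test(scheme) : m[1] !== scheme) return false;
  const host = m[2];
  if (host === "*") return true;
  if (host.startsWith("*.")) {
    const base = host.slice(2);
    return url.hostname === base || url.hostname.endsWith("." + base);
  }
  return url.hostname === host;
}

function probeableResources(manifest, pageOrigin) {
  const findings = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      // Manifest V2: a plain list of paths, loadable from every web page.
      findings.push({ resource: entry, stableUrl: true });
    } else if ((entry.matches || []).some((p) => originMatches(p, pageOrigin))) {
      // Manifest V3: only origins listed in "matches" may load the resource.
      // use_dynamic_url: true serves it under an ID generated per session.
      for (const r of entry.resources || [])
        findings.push({ resource: r, stableUrl: entry.use_dynamic_url !== true });
    }
  }
  return findings;
}

// Constructed sample manifests (not taken from real extensions).
const mv2 = { manifest_version: 2, web_accessible_resources: ["img/logo.png"] };
const mv3Open = { manifest_version: 3, web_accessible_resources: [
  { resources: ["inject.js"], matches: ["<all_urls>"] }] };
const mv3Scoped = { manifest_version: 3, web_accessible_resources: [
  { resources: ["ui.html"], matches: ["https://*.example.com/*"], use_dynamic_url: true }] };

for (const [name, mf] of Object.entries({ mv2, mv3Open, mv3Scoped }))
  console.log(name, probeableResources(mf, "https://www.linkedin.com"));
```

An entry reported with `stableUrl: true` is reachable at a fixed chrome-extension://{id}/{file} URL from that origin, which is the condition the quoted fetch() test relies on.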