Page can know what your chrome extensions are, even when your extensions don't interact with the site, by fetching `web_accessible_resources`: https://browserleaks.com/chrome#web-accessible-resources-det... . uBO mitigates this partly by generating internal secret tokens for each request: https://github.com/gorhill/uBlock/tree/master/src/web_access... .

However, there are other proof of concept of another attack vector to bypass this by using timing difference when fetching those resources.

I help maintaining uBO's lists and I've seen one real world case doing this. It's a trash shortener site, and they use the `web_accessible_resources` method as one of their anti-adblock methods. Since it's a trash site, I didn't care much later.