As far as I understand it, it is supposed to be a scan done by the browser on the user's computer, not an external scan, which a browser extension wouldn't be able to detect.

Hopefully should soon be a thing of the past with https://developer.chrome.com/blog/local-network-access

I see. So the website would try to access private IP adresses (RFC 1918) by having elements like <iframe src="http://10.0.0.1"> in the web site and then the web site would check if the iframe was loaded successfully?

It could also just try making the request with javascript. Or try a websocket connection.

Judging just from the screenshots, it seems it blocks websites from accessing 127.0.0.1 get requests. Not a port scan to the outside, more of what do you have running on the local machine inside your network.

but it can hook javascript methods before that scan can happen.