• GrumpyDuckling@sh.itjust.works
    5
    ·
    2 hours ago

    This kind of sucks for people who have made automation scripts. It could also have consequences for site owners if it affects accessibility tools for disabled users. It could even be considered malicious under certain laws. If you use something like this you should also have an API.

  • henfredemars@infosec.pub
    13
    ·
    4 hours ago

    We recently stumbled across a bug on the Chromium bug tracker where a short JavaScript snippet can crash headless Chromium browsers like those used by Puppeteer and Playwright. Sounds like a dream bot signal, right? Detect the bots, crash their browsers, and all from client-side JS, no server needed. If you’re lucky enough, you may even be able to cause memory leaks on their servers!

    Maybe. Maybe not. In this post, we’ll break down the bug, explore how it could be weaponized for detection, and finally explain why it is probably not a good idea to use it in production.