Detect and crash Chromium bots with one weird trick (bots hate it)
a year ago
- #javascript
- #chromium-bug
- #bot-detection
- A JavaScript snippet can crash headless Chromium browsers used by Puppeteer and Playwright.
- The bug involves calling `contentWindow.open` on an iframe with specific arguments, causing a crash.
- This could be weaponized for bot detection but has significant drawbacks.
- The detection method is invasive, degrades user experience, and lacks server-side metadata.
- Bots can easily adapt by overriding the `open()` method, making the signal brittle.
- The best bot detection signals are quiet, resilient, and separate detection from response.