henfredemars@infosec.pub
on 10 May 2025 15:34
nextcollapse
We recently stumbled across a bug on the Chromium bug tracker where a short JavaScript snippet can crash headless Chromium browsers like those used by Puppeteer and Playwright. Sounds like a dream bot signal, right? Detect the bots, crash their browsers, and all from client-side JS, no server needed. If you’re lucky enough, you may even be able to cause memory leaks on their servers!
Maybe. Maybe not. In this post, we’ll break down the bug, explore how it could be weaponized for detection, and finally explain why this is probably not a good idea to use it in production.
MonkderVierte@lemmy.ml
on 10 May 2025 16:57
nextcollapse
Doesn’t affect AI scrapers much but stuff like yt-dlp.
GrumpyDuckling@sh.itjust.works
on 10 May 2025 18:14
collapse
This kind of sucks for people who have made automation scripts. It could also have consequences for site owners if it affects accessibility tools for disabled users. It could even be considered malicious under certain laws. If you use something like this you should also have an API.
threaded - newest
Doesn’t affect AI scrapers much but stuff like yt-dlp.
This kind of sucks for people who have made automation scripts. It could also have consequences for site owners if it affects accessibility tools for disabled users. It could even be considered malicious under certain laws. If you use something like this you should also have an API.