Detect and crash Chromium bots with one weird trick (bots hate it!) (blog.castle.io)
from wegbier@feddit.org to technology@lemmy.world on 10 May 2025 14:10
https://feddit.org/post/12227482

#technology

henfredemars@infosec.pub on 10 May 2025 15:34

We recently stumbled across a bug on the Chromium bug tracker where a short JavaScript snippet can crash headless Chromium browsers like those used by Puppeteer and Playwright. Sounds like a dream bot signal, right? Detect the bots, crash their browsers, and all from client-side JS, no server needed. If you’re lucky enough, you may even be able to cause memory leaks on their servers!

Maybe. Maybe not. In this post, we’ll break down the bug, explore how it could be weaponized for detection, and finally explain why this is probably not a good idea to use it in production.

MonkderVierte@lemmy.ml on 10 May 2025 16:57

Doesn’t affect AI scrapers much but stuff like yt-dlp.

GrumpyDuckling@sh.itjust.works on 10 May 2025 18:14

This kind of sucks for people who have made automation scripts. It could also have consequences for site owners if it affects accessibility tools for disabled users. It could even be considered malicious under certain laws. If you use something like this you should also have an API.