Detect and crash Chromium bots with one weird trick (bots hate it)

Disclaimer: If you're here for the holy grail of bot detection, this may not be it, unless your UX strategy involves surprise popups and your marketing strategy involves blocking Google crawlers. We recently stumbled across a bug on the Chromium bug tracker where a short JavaScript snippet can crash headless Chromium browsers like those used by Puppeteer and Playwright. Sounds like a dream bot signal, right? Detect the bots, crash their browsers, and all from client-side JS, no server needed. If you’re lucky enough, you may even be able to cause memory leaks on their servers! Maybe. Maybe not. In this post, we'll break down the bug, explore how it could be weaponized for detection, and finally explain why this is probably not a good idea to use it in production. Analyzing the bug report Bug trackers aren’t just for frustrated engineers — they’re gold mines for bot hunters. Every headless quirk or automation bug is a potential detection signal. If it's broken in Puppeteer but fine i ... Read full article.