Detect and crash Chromium bots with one weird trick (bots hate it)

Summary

Disclaimer: If you're here for the holy grail of bot detection, this may not be it, unless your UX strategy involves surprise popups and your marketing strategy involves blocking Google crawlers.We recently stumbled across a bug on the Chromium bug tracker where a short JavaScript snippet can crash headless Chromium browsers like those used by Puppeteer and Playwright. Sounds like a dream bot signal, right? Detect the bots, crash their browsers, and all from client-side JS, no server needed. If you’re lucky enough, you may even be able to cause memory leaks on their servers!Maybe. Maybe not. In this post, we'll break down the bug, explore how it could be weaponized for detection, and finally explain why this is probably not a good idea to use it in production.Analyzing the bug reportBug trackers aren’t just for frustrated engineers — they’re gold mines for bot hunters. Every headless quirk or automation bug is a potential detection signal. If it's broken in Puppeteer but fine in Chrome, it’s probably worth a closer look.This one's beautifully simple. Call contentWindow.open on an iframe with certain arguments, and the browser crashes. Fully reproducible in both Puppeteer and Playwright:const iframe = document.createElement("iframe"); iframe.src = "data:text/html,<body></body>"; document.body.appendChild(iframe); iframe.contentWindow.open("", "", "top=9999");To illustrate, here’s a Playwright bot navigating to Hacker News, taking a screenshot, then detonating the crash:import { chromium } from "playwright"; (async () => { const browser = await chromium.launch({ headless: false }); const context = await browser.newContext(); const page = await context.newPage(); await page.goto('https://news.ycombinator.com'); await page.waitForTimeout(1000); await page.screenshot({ path: 'screenshot.png' }); try { await page.evaluate(() => { const iframe = document.createElement("iframe"); iframe.src = "data:text/html,<body></body>"; document.body.appendChild(iframe); iframe.contentW...