Renderer exposes a Node process object — Electron / automation runtime
br.electron_process · convicts
What it catches
FingerprintJS BotD process detector: a renderer with process.versions.electron or process.type==='renderer' is an Electron/automation runtime; a real browser has no Node process. Gated to Electron-specific markers so a webpack process.env shim does not trip it. Verified absent on real Chrome 136. v0.74.22 FIRST LIVE POSITIVE: the new stealth ELECTRON_LEAK=1 evader (injects process.versions.electron + process.type='renderer' the way an Electron nodeIntegration renderer leaks it) was run through the live edge+detector and tripped br.electron_process — the rule was shipped active but previously unexercised (no Electron evader in the fleet), a constraint-#6 liability now resolved: the rule is proven to fire in-context. NEGATIVE control: a plain STEALTH=1 run (no leak) does NOT trip it, and the real headful Chromium/Firefox/WebKit captures have no Node process — FP-safe.
Signals it reads
browser.electron_process
How it fires
present
Evaders it caught 1
Bypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.