Renderer exposes a Node process object — Electron / automation runtime

br.electron_process  ·  convicts

browserlayer
automationcategory
1evaders caught

What it catches

FingerprintJS BotD process detector: a renderer with process.versions.electron or process.type==='renderer' is an Electron/automation runtime; a real browser has no Node process. Gated to Electron-specific markers so a webpack process.env shim does not trip it. Verified absent on real Chrome 136. v0.74.22 FIRST LIVE POSITIVE: the new stealth ELECTRON_LEAK=1 evader (injects process.versions.electron + process.type='renderer' the way an Electron nodeIntegration renderer leaks it) was run through the live edge+detector and tripped br.electron_process — the rule was shipped active but previously unexercised (no Electron evader in the fleet), a constraint-#6 liability now resolved: the rule is proven to fire in-context. NEGATIVE control: a plain STEALTH=1 run (no leak) does NOT trip it, and the real headful Chromium/Firefox/WebKit captures have no Node process — FP-safe.

Signals it reads

browser.electron_process

How it fires

present

Evaders it caught 1

Bypassed by 10

Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.

← all detections