JS engine lacks an API its claimed Chrome version shipped — stale template

br.engine_feature_vs_ua  ·  convicts

browserlayer
coherencecategory
1evaders caught

What it catches

Promise.withResolvers shipped in Chrome 119; a UA claiming Chrome >=121 without it is an engine older than it claims (verified Chrome 136 has it). JS-layer analog of net.tls_pq_keyshare_vs_ua. v0.74.22 FIRST LIVE POSITIVE: the new stealth STALE_ENGINE=1 evader (claims a Chrome 125 Linux UA but removes Promise.withResolvers — a faithful hardcoded-modern-UA-on-an-older-build) was run through the live edge+detector and tripped br.engine_feature_vs_ua; the rule was shipped active but previously unexercised (no fleet evader inflated the UA version past the engine), a constraint-#6 liability now resolved. NEGATIVE control: a plain STEALTH=1 run (Chrome 125 WITH the feature) does NOT trip it, and the real headful Chromium capture (modern Chromium, feature present) does not carry the signal — FP-safe.

Signals it reads

browser.engine_feature_vs_ua

How it fires

present

Evaders it caught 1

Bypassed by 10

Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.

← all detections