Canvas measureText differs between main and OffscreenCanvas — main-thread font hook

br.measuretext_offscreen_vs  ·  convicts

browserlayer
artifactcategory
1evaders caught

What it catches

Main CanvasRenderingContext2D.measureText and OffscreenCanvas measureText use the same engine font metrics, so they are identical on a real browser (verified width 390.34375 == on Chrome 136). A tool that hooks the main-thread CanvasRenderingContext2D.measureText to spoof fonts but not OffscreenCanvasRenderingContext2D (a DISTINCT prototype) diverges — the incomplete-spoof tell from the catalog's measureText gap. FP-safe (a real browser never diverges); gated on OffscreenCanvas support. v0.74.22 FIRST LIVE POSITIVE: the new stealth MEASURETEXT_SPOOF=1 evader (hooks main-thread measureText, +0.5px width farble, leaves OffscreenCanvas real) was run through the live edge+detector and tripped br.measuretext_offscreen_vs; the rule was active but previously unexercised (no fleet evader hooked one realm's measureText), a constraint-#6 liability now resolved. NEGATIVE controls: a plain STEALTH=1 run does NOT trip it, AND real Camoufox does NOT — its font protection is ENGINE-LEVEL (consistent across realms, like its audio readback), so all three committed camoufox captures lack the signal. CORRECTION of the earlier 'e.g. Camoufox' example: Camoufox is the FP-safe negative here, NOT a positive — the positive is a realm-incomplete JS hook.

Signals it reads

browser.measuretext_offscreen_divergence

How it fires

present

Evaders it caught 1

Bypassed by 10

Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.

← all detections