Reddit
ECMAScript Spec Forces V8 to Leak Whether DevTools Is Open — New Browser Fingerprinting Vector
A security researcher demonstrated that the ECMAScript specification's object serialization behavior forces V8 to leak whether DevTools (or any CDP Runtime.enable caller) is active. The technique uses a Proxy trap on the prototype chain that fires synchronously when console methods serialize arguments — no timing, no extensions, no special permissions needed. This affects all Chromium-based browsers and automation tools (Puppeteer, Playwright) that call Runtime.enable, creating a deterministic fingerprinting vector that anti-detect browsers cannot easily patch. Reddit: r/programming (59↑, 30 comments).
Source
↳ Follow the thread