(chromium-dev to bcc)
Sorry for the slow reply here, I was on vacation and then traveling for work.
Currently, we whitelist any applications that inject and make use of the accessibility API. However, the pipeline that gathers this data relies on the application being sufficiently popular (seen enough times) in order to weed out one off developer builds and experiments, etc, and for various other reason may not be 100% accurate. If you send me a copy of the DLL that is being injected (or at the very least summary stats: typical install path, basename, linker time/date stamp, module size) then I can tell you if your product made it into the whitelist as it currently stands.
Once the messaging phase of the mitigation rolls out (M66 through M69) you'll be able to see if your injected module will be whitelisted or will be blocked by running Chrome, having your software inject, and then visiting chrome://conflicts.
Note that our long term plan is to work with other browser vendors to develop a saner more performant accessibility API that doesn't need to use native injection (or in the worse case, allows injection into a sacrificial process). Once this API is available and sufficient transition period has elapsed, we intend to eventually stop whitelisting old a11y products as well.
Regards,
Chris