Detecting Chrome vs Chromium-Based Browsers in Extensions (Comet, Atlas, etc)

[Tamar Y]

Hi everyone,

I’m trying to implement browser-specific logic within my extension to distinguish between standard Google Chrome and other Chromium-based browsers (specifically Comet and Atlas or other Agentic AI browsers).

The Challenge: Since these browsers are built directly on top of Chromium, they seem to prioritize compatibility by masking their identity. I’ve already tested the following with no luck:

• navigator.userAgent: It returns a standard Chrome string.

• Feature Detection: Basic chrome.* API checks don't show enough variance to reliably fingerprint the specific browser.

Is there a known "under-the-hood" property, a unique chrome.runtime constant, or perhaps a specific behavior in the Rendering Engine that differentiates these distributions from the official Google Chrome build?

Can I identify from the Chrome extension scope on which browser exactly the extension is installed?

Thanks in advance, 
Tamar

[PhistucK]

I would assume those might not have Widevine (DRM) installed so the encrypted media extension API would not be able to decrypt such videos (check if it is feature-detectable without trying to play maybe). Also, they might not support non-free codecs, like H.264 and AAC. They might also not have a working web speech and geolocation APIs (but those might need user permissions or make a sound).

☆PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/a55a0e00-ff3a-468f-a4fc-20566213664fn%40chromium.org.

[Jeff Johnson]

navigator.userAgentData.brands

https://developer.mozilla.org/docs/Web/API/NavigatorUAData/brands

[Tamar Y]

Thanks Jeff,
I already tried navigator.userAgentData.brands, but unfortunatelly I get same reponse when running it on comet and on Google chrome 

Google Chrome:
```
[
    {
        "brand": "Chromium",
        "version": "146"
    },
    {
        "brand": "Not-A.Brand",
        "version": "24"
    },
    {
        "brand": "Google Chrome",
        "version": "146"
    }
]
```

Comet:

```
[
    {
        "brand": "Not:A-Brand",
        "version": "99"
    },
    {
        "brand": "Google Chrome",
        "version": "145"
    },
    {
        "brand": "Chromium",
        "version": "145"
    }
]
```

Thanks also PhistucK, I ran also your ideas but got the same output for both browsers:(
The only difference I managed to detect was in the DOM, which isn't a reliable indicator.

[PhistucK]

Chrome sends the variations (field trial IDs, maybe hashed as client data) to Google whenever you visit a Google property (at least *.google.com), as HTTP headers. Maybe non-Chrome does not and you can send a request and check the headers for that (the "X-Client-Data" HTTP header, as well as other "X-Browser-*", for example. "X-Browser-Copyright" explicitly mentions "Google LLC").

☆PhistucK

--

You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/43e11bf0-a286-40c8-b5d7-a7f3e414705en%40chromium.org.

[Simeon Vincent]

Tamar, you mentioned "Comet and Atlas or other Agentic AI browsers" (emphasis mine). Can you share more details about your use case? What problem are you trying to solve?

Simeon - @dotproto

incremental.software

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/CABc02_Kriq_ELfXg0ePt75Gvaik5wHHJZw6Mn_5XVOowRfVDwQ%40mail.gmail.com.

[Tamar Y]

Hi Simeon, thanks for following up!

The problem I'm trying to solve is related to Zero Trust access for sensitive web applications.

Browsers with built-in Agentic AI pose a unique data privacy risk because they can natively read screen context and interact with the DOM autonomously. 

I need a way to detect if a user is running an AI-native browser so the extension can block access to specific, highly sensitive domains to prevent potential data leakage to third-party LLMs.

Regards, 
Tamar

[Mythical 5th]

If you embed a prompt within a page, which asks the browser to interact with the extension in a potentially harmful way, and open that page upon installation, you might be able to detect it that way.

[Tamar Y]

Thanks PhistucK for the cool idea! I checked and you're right - Comet doesn't send the x-browser-copyright header (though they do send x-client-data).

While it doesn't give me the exact browser name yet, it's a great indicator that it’s Chromium-based rather than a standard/clean browser. Thanks!

[Cuyler Stuwe]

Browser detection sounds like the wrong approach for this use-case anyway.

Chrome itself can already do things agentically with "Ask Gemini", there's the Claude extension (and countless other similar ones) that do the same, and so on.

Even if you manage to successfully detect all "agentic browsers", more will come out, and they will likely all continue to shift to evade detection (they have incentive to do so, because sites have incentive to block any suspected full-AI automation of their site, for web-scraping concerns, if nothing else).

You might be able to find some precise/nuanced way in which one of these browsers diverges from the others, but the caveat about relying on something so precise is that it's also inherently-brittle to change.

To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/ab09110e-918a-40fa-9848-d4e6e9e75452n%40chromium.org.