Comment by aussieguy1234 a day ago
So this is basically hidden client attestation?
That would provide no extra capability. Anybody smart enough to modify the Chrome executable could just patch the hash generation to also return a static (but correct) hash.
Not really. It's just an API key + the user agent. There is no mechanism to detect the browser hasn't been tampered with. If you wanted to do that you'd at least include a hash over the browser binary, or better yet the in-memory application binary.