Potential Data Stealing Via Chromium Headless Debugging

Sigma Rules

Summary
This rule flags Chromium-based browsers (Chrome, Edge and other Chromium derivatives) launched headless with remote debugging enabled. In that state whoever can reach the debugging endpoint can drive the browser, read page content and pull session data without any window appearing on the desktop, which is why the combination is associated with data theft and remote control of the browser. The rule inspects process command lines for three arguments: '--remote-debugging-' (the prefix shared by --remote-debugging-port and --remote-debugging-pipe), '--user-data-dir' and '--headless'.

The combination is most suspicious when --user-data-dir points at a real user profile directory rather than a throwaway one: the debugging session then runs with that profile's cookies and saved credentials loaded, and an attacker can read and exfiltrate them. The referenced sources describe how this technique is used in credential-access attacks. Because a successful run can disclose sensitive data, the rule is rated high severity. False positives are listed as unknown, so each alert needs context: the parent process, the value of --user-data-dir (a temporary directory versus a user's profile path), and whether browser automation such as test frameworks or scrapers is expected on the host.
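The detection logic described above, run over a few constructed process-creation events, as an added example that is not part of the Sigma rule or this page. It assumes the rule requires all three strings in one command line (case-insensitive substring match) and adds a profile-path heuristic of its own (PROFILE_HINTS, looks_like_real_profile) to separate a user's real profile directory from a throwaway automation directory, which is the context the summary says an analyst needs.

```python
import re

# The three command-line markers named in the rule summary. This example treats
# them as an AND condition (all three must appear in one command line), which
# is this example's assumption about the rule; matching is case-insensitive.
REQUIRED_MARKERS = ("--remote-debugging-", "--user-data-dir", "--headless")

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    # 1: headless, debugging port open, profile dir is the user's real Chrome profile
    {"pid": 4120,
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new '
                r'--remote-debugging-port=9222 '
                r'--user-data-dir="C:\Users\alice\AppData\Local\Google\Chrome\User Data"'},
    # 2: headless screenshot job, no debugging endpoint and no profile dir
    {"pid": 4133,
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless '
                r'--disable-gpu --screenshot https://example.com'},
    # 3: automation-style run: debugging over a pipe, throwaway profile directory
    {"pid": 4150,
     "cmdline": r'chrome.exe --remote-debugging-pipe --user-data-dir=C:\Temp\puppeteer_profile --headless'},
    # 4: debugging port open on the real Edge profile, but not headless
    {"pid": 4162,
     "cmdline": r'msedge.exe --remote-debugging-port=9229 '
                r'--user-data-dir="C:\Users\alice\AppData\Local\Microsoft\Edge\User Data"'},
]


def matches_rule(cmdline: str) -> bool:
    """True when every required marker appears in the command line."""
    lowered = cmdline.lower()
    return all(marker in lowered for marker in REQUIRED_MARKERS)


# Accepts --user-data-dir=VALUE or --user-data-dir VALUE, quoted or unquoted.
_USER_DATA_DIR_RE = re.compile(
    r'--user-data-dir(?:=|\s+)(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def user_data_dir(cmdline: str):
    """Extract the --user-data-dir value, or None if the flag is absent."""
    m = _USER_DATA_DIR_RE.search(cmdline)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


# Path fragments of default profile locations for common Chromium-based
# browsers. Heuristic added by this example (not part of the rule) to tell a
# real profile apart from a throwaway automation directory.
PROFILE_HINTS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\bravesoftware\brave-browser\user data",
    "/.config/google-chrome",
    "/.config/chromium",
    "/library/application support/google/chrome",
)


def looks_like_real_profile(path: str) -> bool:
    """True when the path sits inside a known default browser profile location."""
    lowered = path.lower()
    return any(hint in lowered for hint in PROFILE_HINTS)


def triage(events):
    """Apply the rule to each event and enrich matches with the profile check."""
    findings = []
    for ev in events:
        if not matches_rule(ev["cmdline"]):
            continue
        udd = user_data_dir(ev["cmdline"])
        findings.append({
            "pid": ev["pid"],
            "user_data_dir": udd,
            "real_profile": bool(udd) and looks_like_real_profile(udd),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        flag = "REAL PROFILE" if f["real_profile"] else "throwaway dir"
        print(f'pid {f["pid"]}: {flag}: {f["user_data_dir"]}')
```

Events 1 and 3 fire; only event 1 points at a real profile and deserves immediate attention, while event 3 looks like ordinary automation. Event 4 (debugging port open on the real Edge profile, but no --headless) does not fire under the AND assumption above, which is worth knowing when tuning: the headless flag is the part an operator can most easily drop, so pair this rule with parent-process and network context rather than relying on it alone.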
Categories
  • Endpoint
  • Windows
  • Web
Data Sources
  • Process
  • Application Log
Created: 2022-12-23