Which is very, very easily worked around by including another version of the original setTimeout in your console code.
The only real way to detect this is through usage pattern analysis and detection on the web socket side, because if you can write something in JS that catches people, someone can make minor modifications to their code to make it work again.
Just to be clear - this wasn't my original idea and nobody should ever put any security code into a client. Even if you could make this work someone could recompile Chrome to work around it.
I've found a way to get access to the original setTimeout again by embedding an iframe into the page and extracting it from there.
Would be interested in hearing other methods of getting a handle to the original setTimeout again.
I guess you could simulate it by using some other mechanism, say firing off an async request to a server that returns after a certain time and running a callback.
The only real way to detect this is through usage pattern analysis and detection on the web socket side, because if you can write something in JS that catches people, someone can make minor modifications to their code to make it work again.