I’m sure it’s possible, but how would it be done?
Since the browser/user agent spoofer is designed to lie about what browser, operating system, and version it is.
So if the UA said Windows and Chrome and the hacker deployed exploits for those systems, they would not work since the real system is, say, Mac and Firefox.
An antidetect browser seems even harder.
Edit: I mean remote 0 click style attacks. Not phishing or anything that relies on the user being dumb.