“Chrome almost certainly uses this header as an integrity signal, verifying that the declared user agent matches the underlying platform, spotting user agent spoofing attempts.”

Someone reverse-engineered Chrome’s proprietary x-browser-validation header and found the algorithm is embarrassingly simple: concatenate a platform-specific API key with the user agent string, hash it with SHA-1, and Base64-encode it. The API keys for Windows, Linux, and macOS are all published now. Google was using security through obscurity to fingerprint real Chrome browsers versus anything else, and now that obscurity is gone. This is what happens when your “validation” relies on secrets baked into a binary that anyone can decompile.
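A server-side consistency check built on the algorithm as described above, as an added example that is not Chrome's or Google's code. The key values are constructed placeholders (the real ones are not on this page); the key-then-user-agent order, Base64 over the raw digest, the platform substrings and the result labels are assumptions.

```python
import base64
import hashlib

# Constructed placeholder keys: the real per-platform values are not on this page.
PLATFORM_KEYS = {
    "Windows": "PLACEHOLDER_WINDOWS_KEY",
    "Linux": "PLACEHOLDER_LINUX_KEY",
    "macOS": "PLACEHOLDER_MACOS_KEY",
}

# Substrings used to guess which platform a user agent declares (assumption).
UA_PLATFORM_TOKENS = (("Windows NT", "Windows"), ("Macintosh", "macOS"), ("Linux", "Linux"))


def expected_validation(api_key: str, user_agent: str) -> str:
    """base64(SHA-1(api_key + user_agent)); order and raw-digest encoding are assumed."""
    digest = hashlib.sha1((api_key + user_agent).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def declared_platform(user_agent: str):
    """Return the platform name the user agent claims, or None if unrecognised."""
    for token, platform in UA_PLATFORM_TOKENS:
        if token in user_agent:
            return platform
    return None


def classify(headers: dict) -> str:
    """Return 'missing', 'unknown-platform', 'consistent', 'wrong-platform' or 'mismatch'."""
    lowered = {k.lower(): v for k, v in headers.items()}
    user_agent = lowered.get("user-agent", "")
    received = lowered.get("x-browser-validation")
    if not received:
        return "missing"
    platform = declared_platform(user_agent)
    if platform is None:
        return "unknown-platform"
    # Try every known key so a hash built with another platform's key is reported as such.
    matches = [name for name, key in PLATFORM_KEYS.items()
               if expected_validation(key, user_agent) == received]
    if platform in matches:
        return "consistent"  # proves only that the sender knows the published key
    return "wrong-platform" if matches else "mismatch"
```

Because the keys are public, a `consistent` result cannot distinguish real Chrome from any client that recomputes the hash; only `mismatch` and `wrong-platform` carry signal.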