for the solution I put in 'stupid', and it worked
this definitely doesn't solve the security considerations that captchas were designed for.
The 'brand' logos are an image, but they are simple to OCR.
So to break this CAPTCHA, simply hook v8 up to your auto-submit bot and interpret the JS that is being returned to you. You can't read it from the client because they serve that IFRAME from a diff domain - so they base their security on the browser x-domain policy. But that is all moot if you are building a bot, or if you build a browser extension that solves these things.