Currently encountering the same issue as this unanswered Google Groups post from August 2016. Looking to filter the auto-selected certificate on another field such as Subject. The Chromium documentation is not particularly clear on what additional formats the $FILTER argument can take aside from the ISSUER variant.

So far I've tried:

"FILTER": {"MY_TARGET_CN"}
"FILTER": {"SUBJECT": "MY_TARGET_CN"}
"FILTER": {"SUBJECT": {"CN":"MY_TARGET_CN"}}

None have produced the desired results. Any insight would be appreciated!

I had the same problem and after many tests I decided to investigate the chromium sources and discovered the following: There is implementation only for ISSUER filters, there is even a "TODO" in the sources as can be seen in the chrome_content_browser_client.cc file on line 585:

...
bool CertMatchesFilter(const net::X509Certificate& cert,
                   const base::DictionaryValue& filter) {
// TODO(markusheintz): This is the minimal required filter implementation.
// Implement a better matcher.

// An empty filter matches any client certificate since no requirements are
// specified at all.
if (filter.empty())
  return true;

std::string common_name;
if (filter.GetString("ISSUER.CN", &common_name) &&
  (cert.issuer().common_name == common_name)) {
  return true;
}
  return false;
}
...

An bug report already exists in:bugs.chromium.org