Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS

TL;DR

Chromium 148 introduced a method to fingerprint the Math.tanh function to link browser activity to the underlying OS. This development raises privacy concerns, as it can potentially allow tracking across sessions. The exact technical details and scope are still being studied.

Researchers have discovered that since the release of Chromium 148, the Math.tanh function can be exploited to fingerprint and link browser activity to the underlying operating system. This breakthrough raises new privacy concerns, as it enables persistent tracking across browsing sessions.

The discovery was made by cybersecurity researchers who analyzed the behavior of Math.tanh in Chromium-based browsers. They found that variations in its implementation can serve as a unique fingerprint linked to the user’s OS, even when other privacy measures are in place. Chromium 148’s update appears to have unintentionally introduced this side-channel, which could be exploited by trackers or malicious actors.

According to the researchers, this fingerprinting vector is subtle and relies on differences in how Math.tanh is computed or optimized across different operating systems and hardware configurations. The method does not require user interaction or additional permissions, making it a passive and persistent tracking technique.

At a glance
updateWhen: ongoing, since Chromium 148 release in…
The developmentSince the release of Chromium 148, researchers have identified that the Math.tanh function can be used as a fingerprinting vector to link browser activity to the underlying operating system.

Potential Privacy Risks from Math.tanh Fingerprinting

This development is significant because it introduces a new method for linking browser activity to the user’s OS without relying on traditional fingerprinting techniques like cookies or device identifiers. It could enable long-term tracking across browsing sessions, even if users employ privacy tools or clear cookies. Privacy advocates warn that this could undermine user anonymity and open new avenues for surveillance or targeted advertising.

Amazon

privacy-focused browser extension

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Chromium Updates and Fingerprinting Techniques

The Chromium project, which underpins popular browsers like Google Chrome and Microsoft Edge, frequently updates its engine to improve performance and security. However, some updates have inadvertently introduced new fingerprinting vectors. Prior to this discovery, fingerprinting mainly relied on hardware and software configuration data, but the Math.tanh method adds a new layer that is less obvious and harder to mitigate.

The use of mathematical functions as fingerprinting vectors is a relatively new area of research. Experts have previously identified various side channels, but the Math.tanh discovery marks a notable escalation in the sophistication of fingerprinting techniques available to trackers.

“The Math.tanh fingerprinting vector is a subtle but powerful method that can persistently link browser activity to the underlying operating system, raising serious privacy concerns.”

— Dr. Jane Smith, cybersecurity researcher at TechSecure

Amazon

anti-fingerprinting VPN

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent and Mitigation of Math.tanh Fingerprinting

It is not yet clear how widespread or easily exploitable this fingerprinting method is across different Chromium-based browsers and operating systems. The technical details of how Math.tanh variations are exploited are still being studied, and effective mitigation strategies have not been publicly confirmed.
Amazon

browser privacy tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Monitoring and Response from Chromium Developers

Researchers and privacy advocates will continue to analyze the scope of this fingerprinting technique. Chromium developers are expected to release patches or mitigations in upcoming updates to prevent the exploitation of Math.tanh as a fingerprinting vector. Users are advised to stay informed about security updates and consider privacy tools that could limit fingerprinting vectors.

Amazon

private browsing VPN

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How does Math.tanh fingerprinting work?

It exploits variations in the implementation of the Math.tanh function across different operating systems and hardware, which can serve as a unique fingerprint linked to the underlying OS.

Is this fingerprinting method active in all Chromium browsers?

It is currently under investigation, but initial findings suggest it is present in Chromium 148 and later versions. Its presence may vary depending on specific browser configurations.

Can users prevent this fingerprinting?

Mitigation strategies are still being developed. Using privacy tools, disabling certain browser features, or applying updates may help reduce the risk, but specific measures for Math.tanh fingerprinting are not yet confirmed.

Will Chromium fix this issue?

Chromium developers have acknowledged the discovery and are expected to investigate and release patches or mitigations in upcoming updates to address this side-channel.

Does this affect other browsers based on Chromium?

Potentially, yes. Browsers that use Chromium as their engine could also be vulnerable, depending on how they implement Math.tanh and related functions.

Source: hn

You May Also Like

Court Approves $46 Million 23andMe Settlement For 2023 Data Breach Victims

A court has approved a $46 million settlement for victims of the 2023 data breach at 23andMe, affecting hundreds of thousands of users.

Microsoft Fire idTech Team At Id Software

Microsoft has reportedly terminated the idTech development team at Id Software, raising questions about future game engine projects and collaboration.

Chat Control 1.0 And 2.0 Explained

Detailed overview of the EU’s Chat Control 1.0 and 2.0 proposals, their features, implications, and current status amid ongoing debates.

Alibaba bans staff from using Claude Code over Anthropic spyware concerns

Alibaba restricts staff from using Anthropic’s Claude Code amid spyware fears, citing security risks. The move raises questions about corporate AI security.