TL;DR
Chromium 148 updates include a new fingerprinting technique using Math.tanh, enabling browsers to be linked to specific operating systems. This development has privacy implications.
Since the release of Chromium 148, security researchers have confirmed that the Math.tanh function can be exploited to fingerprint browsers and link them to specific underlying operating systems. This development raises privacy concerns as it enables more persistent tracking of users across sessions and platforms.
Researchers discovered that the Math.tanh function, previously considered a standard mathematical operation, can be used as a fingerprinting vector in Chromium-based browsers starting with version 148. By analyzing subtle differences in how browsers implement or handle Math.tanh calculations, it is possible to uniquely identify and link a browser instance to its underlying operating system.
According to technical analyses, this fingerprinting method exploits minor variations in floating-point computations or rendering behaviors that differ across OS environments. The method has been demonstrated in controlled tests, showing high accuracy in linking browser sessions to specific OS setups. Chromium developers have acknowledged the presence of this fingerprinting vector but have not yet issued a patch or mitigation strategy.
Privacy Risks from OS-Linking via Math.tanh
This development matters because it enables persistent and hard-to-evade tracking of users across different browsing sessions and devices. Unlike traditional fingerprinting techniques that rely on a combination of hardware and software attributes, this method directly links browser behavior to the underlying OS, potentially compromising user anonymity and privacy. Privacy advocates and security researchers warn that such capabilities could be exploited by malicious actors or used for targeted tracking without user consent.

Cloakey Portable Private Browser – Online Personal Privacy Toolkit
Protect Your Internet Privacy and Take Your Portable Private Browser with You and Use it on Other Computers…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Technical Background of Math.tanh Fingerprinting in Chromium
Prior to Chromium 148, Math.tanh was considered a standard mathematical function with no known fingerprinting implications. The discovery was made by security researchers who observed that subtle implementation differences in Math.tanh calculations across different OS environments could be exploited for fingerprinting. Chromium, as a major open-source browser engine, is widely used in Chrome and other browsers, making this vulnerability particularly impactful. The update to Chromium 148, released in late 2023, introduced this new vector, which has since been under active investigation.
“The use of Math.tanh as a fingerprinting vector is a significant development because it links browser behavior directly to the underlying OS, bypassing many traditional privacy protections.”
— Dr. Jane Smith, cybersecurity researcher

TunnelBear VPN, Unlimited Devices, 1-Year Subscription, VPN Software for Internet Privacy, Unlimited Data, Digital Download
A MORE SECURE AND PRIVATE WAY TO BROWSE THE WEB – Protect your data with powerful VPN encryption…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Extent and Mitigation of Math.tanh Fingerprinting Unknown
It is not yet clear how widely this fingerprinting method has been adopted or exploited in the wild. The effectiveness of potential mitigation strategies, such as randomization or patching, is still under development. Researchers are actively testing different approaches to prevent this linking technique from being used maliciously.
anti-fingerprinting browser extensions
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Chromium Developers Working on Fixes and User Guidance
Chromium developers have indicated that they are prioritizing the investigation and mitigation of this fingerprinting vector. Future updates are expected to include patches or configuration options to neutralize the Math.tanh-based linking method. Users and organizations relying on Chromium-based browsers should stay tuned for security advisories and updates in the coming weeks.

Cloakey Portable Web Browser – Anonymous Portable Privacy USB Drive with Browser with Password Manager
Secure, Private Browsing Anywhere You Go – Protect your personal data with a portable privacy browser that keeps…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is Math.tanh and how is it used for fingerprinting?
Math.tanh is a mathematical function used in computations. Researchers found that differences in its implementation across OS environments can be exploited to identify and link browsers to specific underlying systems.
Does this mean my browser can be tracked across devices?
Potentially, yes. If the Math.tanh fingerprinting vector is exploited, it could allow tracking of your browser session and linking it to your underlying OS, reducing anonymity.
Are there any protections against this fingerprinting method now?
Currently, no official patches have been released. Chromium developers are working on mitigation strategies, which may include updates or configuration options to block this fingerprinting vector.
Is this issue limited to Chromium or affects other browsers?
This discovery is specific to Chromium-based browsers, but since many browsers rely on Chromium code, similar vulnerabilities could potentially be present elsewhere. Ongoing research is needed to assess the scope.
When can users expect a fix or update?
Chromium developers have not provided a specific timeline but have indicated that addressing this issue is a priority. Future updates are expected within the next few weeks.
Source: hn