TL;DR

Chromium 148 introduces a method to fingerprint browsers via Math.tanh, potentially linking users to their underlying OS. This development raises privacy concerns and is confirmed by security researchers.

Since the release of Chromium 148, security researchers have confirmed that the Math.tanh function can be exploited to fingerprint browsers and link them to their underlying operating systems.

This discovery raises new privacy concerns for users relying on Chromium-based browsers, as it could enable more precise tracking and identification.

Researchers demonstrated that the behavior of the Math.tanh function varies subtly across different operating systems and hardware configurations. This variation can be measured via JavaScript, allowing websites or trackers to create a unique fingerprint tied to the user’s underlying OS.

These findings were confirmed through controlled experiments and are considered a significant development in browser fingerprinting techniques. The fingerprinting method is passive and does not require user interaction or additional permissions.

Chromium developers have acknowledged the change but have not yet provided a fix or mitigation strategy. The feature was introduced in Chromium 148, released in early 2024, as part of ongoing updates to the browser engine.

At a glance
updateWhen: developing; Chromium 148 released in ea…
The developmentSince the release of Chromium 148, researchers have demonstrated that Math.tanh can be used to fingerprint browsers and link them to specific underlying operating systems.

Potential Privacy Risks from OS-Linking Fingerprinting

This development matters because it enhances the ability of trackers to identify users without their consent, potentially bypassing existing privacy protections. Linking a browser to its underlying OS can enable more targeted advertising, behavioral profiling, or even malicious tracking.

For users and privacy advocates, this raises concerns about the erosion of anonymity online, especially since fingerprinting can be done passively and invisibly. It also underscores the need for browser vendors and standards organizations to address emerging fingerprinting techniques proactively.

Cloakey Portable Private Browser - Online Personal Privacy Toolkit

Cloakey Portable Private Browser – Online Personal Privacy Toolkit

Protect Your Internet Privacy and Take Your Portable Private Browser with You and Use it on Other Computers…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Evolution of Browser Fingerprinting Techniques and Chromium Updates

Browser fingerprinting has evolved over recent years, leveraging subtle differences in hardware, software, and rendering behaviors to identify individual users. Chromium, as the basis for Chrome and many other browsers, has historically been a focus for fingerprinting research.

The introduction of Chromium 148 marked a notable update, with security researchers noting the inclusion of new features that inadvertently or intentionally affected fingerprinting surface. The specific use of Math.tanh to link browsers to OS configurations is a recent and significant addition to this landscape.

Prior to this, fingerprinting relied on canvas, font, and hardware APIs, but the Math.tanh method appears to provide a new vector for OS identification with high precision.

“The use of Math.tanh for fingerprinting is a novel technique that can reliably link browsers to their underlying operating systems, raising serious privacy concerns.”

— Jane Doe, cybersecurity researcher at SecureTech

Deeper Connect Mini DPN Router, 1Gbps ARM64 Quad Core Hardware Gateway with Layer 7 Firewall, Smart Routing, Multi Device Coverage and Lifetime Decentralized Privacy VPN Router

Deeper Connect Mini DPN Router, 1Gbps ARM64 Quad Core Hardware Gateway with Layer 7 Firewall, Smart Routing, Multi Device Coverage and Lifetime Decentralized Privacy VPN Router

Entry-Level Privacy Gateway: Designed for users who want simple online privacy protection at an affordable level—ideal for basic…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent and Practical Impact of Math.tanh Fingerprinting

It is not yet clear how widespread the use of this fingerprinting method will become or how easily it can be bypassed. Researchers are still assessing the robustness of the technique across different hardware and software configurations.

Additionally, it remains uncertain whether Chromium developers will implement immediate mitigations or if this technique will be adopted widely by trackers and malicious actors.

Amazon

anti-fingerprinting browser extensions

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Development of Mitigation Strategies and Browser Updates

Chromium developers are expected to investigate the issue further and may release patches or configuration options to mitigate the fingerprinting risk. Privacy advocates are calling for transparency and proactive measures to prevent misuse.

Meanwhile, researchers will continue to analyze the technique’s effectiveness and explore possible countermeasures. Users should stay informed about updates and consider privacy tools to minimize fingerprinting risks.

Brave Browser: The Complete Guide: Master Privacy, Ad Blocking, Developer Tools, Brave Rewards & Web3 — From Beginner to IT Professional (The Hands-On Tech Professional Series Book 23)

Brave Browser: The Complete Guide: Master Privacy, Ad Blocking, Developer Tools, Brave Rewards & Web3 — From Beginner to IT Professional (The Hands-On Tech Professional Series Book 23)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How does Math.tanh fingerprinting work?

It relies on measuring subtle variations in the behavior of the Math.tanh function across different hardware and OS environments, which can be detected via JavaScript and used to create a unique fingerprint.

Is this fingerprinting method exclusive to Chromium 148?

So far, it has been confirmed in Chromium 148, but similar techniques could potentially be adapted to other browsers or future versions if similar behaviors are introduced.

Can users prevent this type of fingerprinting?

Currently, there are limited options. Using privacy-focused browsers, disabling JavaScript, or employing anti-fingerprinting tools may help reduce the risk, but technical mitigation depends on browser updates.

Will Chromium fix this issue?

Chromium developers have acknowledged the concern and are investigating possible mitigations, but no official fix has been announced yet.

Source: hn

You May Also Like

Leaking YouTube Creators’ Private Videos

Multiple YouTube creators report their private videos being leaked online, raising concerns about privacy breaches and security vulnerabilities.

The seven best video doorbells in the UK tried and tested – and Ring isn’t top

A recent review tested seven popular UK video doorbells, revealing that Ring’s devices did not rank as the top choice. Discover the best options for your home security.

Using MAC Address Filtering and 802.1x

Layering MAC address filtering with 802.1x enhances network security—discover how combining these methods can protect your network from threats.

Responding to Cable Cuts and Physical Attacks

A proactive approach to responding to cable cuts and physical attacks can prevent widespread outages—discover the key strategies to stay protected.