YOU ARE VIEWING ONE ITEM FROM THE AICRIER FEED

Chrome Math.tanh() leaks underlying operating system

AICrier tracks AI developer news across Product Hunt, GitHub, Hacker News, YouTube, X, arXiv, and more. This page keeps the article you opened front and center while giving you a path into the live feed.

// WHAT AICRIER DOES

7+

TRACKED FEEDS

24/7

SCRAPED FEED

Short summaries, external links, screenshots, relevance scoring, tags, and featured picks for AI builders.

Chrome Math.tanh() leaks underlying operating system
OPEN LINK ↗
// 1h agoNEWS

Chrome Math.tanh() leaks underlying operating system

Starting with Chrome 148, the V8 engine routes Math.tanh() to the host operating system's libm implementation, returning slightly different bits on Linux, macOS, and Windows. This creates a fast, deterministic fingerprinting vector that identifies the underlying OS through JavaScript, CSS trigonometry, and Web Audio functions.

// ANALYSIS
  • The vulnerability stems from the IEEE 754 standard not strictly enforcing correct rounding for transcendental functions like tanh and sin, leading OS vendors to make different speed-vs-precision tradeoffs.
  • It highlights the extreme lengths required to build a stealth scraping browser—Scrapfly had to manually transcribe Apple's math library and force hardware FMA paths to prevent timing attacks.
  • Because JavaScript Math, CSS calc(), and Web Audio each route through different underlying libraries (e.g., Apple's scalar vs. Accelerate vector math), spoofing a single OS accurately requires correctly mocking multiple disparate execution paths.
  • WASM avoids this specific fingerprinting vector entirely since it lacks transcendental opcodes and relies on its own bundled math implementations.
// TAGS
fingerprintinganti-botchromiumjavascriptmathweb-scraping

DISCOVERED

1h ago

2026-07-13

PUBLISHED

4h ago

2026-07-12

RELEVANCE

8/ 10

AUTHOR

joahnn_s