Chrome Math.tanh() leaks underlying operating system
Starting with Chrome 148, the V8 engine routes Math.tanh() to the host operating system's libm implementation, returning slightly different bits on Linux, macOS, and Windows. This creates a fast, deterministic fingerprinting vector that identifies the underlying OS through JavaScript, CSS trigonometry, and Web Audio functions.
- –The vulnerability stems from the IEEE 754 standard not strictly enforcing correct rounding for transcendental functions like tanh and sin, leading OS vendors to make different speed-vs-precision tradeoffs.
- –It highlights the extreme lengths required to build a stealth scraping browser—Scrapfly had to manually transcribe Apple's math library and force hardware FMA paths to prevent timing attacks.
- –Because JavaScript Math, CSS calc(), and Web Audio each route through different underlying libraries (e.g., Apple's scalar vs. Accelerate vector math), spoofing a single OS accurately requires correctly mocking multiple disparate execution paths.
- –WASM avoids this specific fingerprinting vector entirely since it lacks transcendental opcodes and relies on its own bundled math implementations.
DISCOVERED
1h ago
2026-07-13
PUBLISHED
4h ago
2026-07-12
RELEVANCE
AUTHOR
joahnn_s