HeadlinesBriefing favicon HeadlinesBriefing.com

Chrome 148 Math.tanh OS Fingerprint Leak

Hacker News •
×

Chrome 148 introduced an OS fingerprint leak via Math.tanh after V8 commit c1486295ae5 replaced the bundled fdlibm implementation with the host platform's std::tanh. The three major math libraries — glibc on Linux, libsystem_m on macOS, and UCRT on Windows — return different bit patterns on roughly 25% of inputs, typically differing by 1-2 units in the last place. Chrome 147 and earlier did not leak because V8 computed tanh identically across all OSes.

The fingerprint surface extends beyond Math.tanh. Every CSS trig function (sin, cos, tan, asin, acos, atan, atan2) calls the host libm directly via Blink, creating additional OS tells. On macOS, Web Audio splits between scalar libsystem_m for the Dynamics Compressor and Accelerate/vDSP for FFT and vector math; the two libraries disagree on 10-89% of inputs depending on the function. WASM math remains consistent across OSes because it uses bundled libm and hardware arithmetic.

Scrapfly closes the gap by transcribing each target libm's minimax coefficients, exponent tables, and reduction constants into portable C, matching every bit including cases where the target rounds incorrectly. Perturbation or randomization fails because it produces values matching no real OS or breaks determinism, which is itself detectable. The reproduction must be identical to the claimed OS, not merely different from Linux.

The behavior was verified on Chrome 150 across Linux (glibc), macOS 26 on Apple Silicon (libsystem_m), and Windows 11 (ucrtbase.dll). The leak persists in Chrome 148, 149, and 150.