Math Library Fingerprinting Vulnerability Discovered in Chrome
A vulnerability in the Chrome browser's math library has been discovered, allowing fingerprinting of underlying operating systems. The issue affects Linux, macOS, and Windows, with discrepancies in the tanh function's output. This could have implications for user privacy and online tracking.
Key points
- The vulnerability affects the tanh function in Chrome's math library, which can be used to fingerprint operating systems.
- Discrepancies in the tanh function's output were observed between Linux, macOS, and Windows, with Linux and macOS disagreeing on about a quarter of all inputs and Windows disagreeing on a few percent.
- The issue was measured on Chrome 150 across three real machines: Linux (glibc), macOS (libsystem_m), and Windows (UCRT).
- The vulnerability could have implications for user privacy and online tracking, as it allows for the identification of underlying operating systems.
- Researchers have demonstrated the vulnerability by running the Math.tanh function on different operating systems and observing the discrepancies in output.
Math Library Fingerprinting Vulnerability Discovered in Chrome
A recent discovery has revealed a vulnerability in the Chrome browser's math library, which can be used to fingerprint underlying operating systems. The issue affects the tanh function, which is used to compute the hyperbolic tangent of a given value.
The vulnerability was discovered by running the Math.tanh function on different operating systems and observing the discrepancies in output. The results showed that Linux, macOS, and Windows disagree on about a quarter of all inputs, with Linux and macOS disagreeing on about a quarter of all inputs and Windows disagreeing on a few percent.
This vulnerability could have significant implications for user privacy and online tracking. By identifying the underlying operating system, websites and advertisers can potentially track users across different devices and platforms.
The discovery of this vulnerability highlights the need for continued vigilance in the development of web technologies and the importance of ensuring that they do not compromise user privacy.
Implications and Next Steps
The implications of this vulnerability are still being assessed, but it is clear that it has the potential to impact user privacy and online tracking. As the web continues to evolve, it is essential that developers and researchers work together to identify and address vulnerabilities like this one.
In the meantime, users can take steps to protect themselves by using privacy-focused browsers and plugins, as well as being mindful of the permissions they grant to websites and applications.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.