Possible new fingerprint vector with Window.requestAnimationFrame() #2370

Closed
5 tasks done
uazo opened this issue Oct 2, 2022 · 5 comments
Comments

@uazo
Collaborator

uazo commented Oct 2, 2022

Preliminary checklist

  • I have read the README.
  • I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
  • I have read the FAQs.
  • I have updated Bromite to the latest version. The bug is reproducible on this latest version.
  • This is a bug report about the Bromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

Yes

Bromite version

105.0.5195.147

Device architecture

x64

Android version

10

Device model

it does not matter

Changed flags

it does not matter

Is this bug about the SystemWebView?

No

Is this bug happening in an incognito tab?

Yes

Is this bug caused by the adblocker?

No

Is this bug a crash?

No

Describe the bug

described here bug id 1236113

Steps to reproduce the bug

repo https://github.com/matthova/web-worker-boot-time-detector

Expected behavior

I think it should at least be changed to

double time = (args.frame_time - base::TimeTicks::UnixEpoch()).InMillisecondsF();

although it would be better to use Performance::ClampTimeResolution()
I will check

EDIT: checked, no, it doesn't work out like that.

Screenshots

No response
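To make the mechanism concrete, here is an added example (not code from the issue, from Bromite, or from Chromium) that models the two timestamp computations this issue is about: the original `frame_time - base::TimeTicks()` and the proposed `frame_time - TimeOrigin()` passed through a clamp. All clock values are constructed, and `clampTimeResolution` is a simplified floor-to-bucket stand-in for `Performance::ClampTimeResolution` (the real one also adds jitter); the resolution constants are assumptions, not Chromium's. The point it shows: the pre-fix value is identical for every origin observing the same frame, so any page can read a device-wide clock value, while the post-fix value carries nothing beyond what the worker's own `performance.now()` already exposes.

```javascript
// Added example: model of the worker requestAnimationFrame timestamp before and
// after the fix discussed in this issue. Not Chromium code; numbers are constructed.

const COARSE_RESOLUTION_MS = 0.1;   // assumed 100 µs bucket for non-isolated contexts
const FINE_RESOLUTION_MS = 0.005;   // assumed 5 µs bucket for cross-origin-isolated contexts

// Simplified stand-in for Performance::ClampTimeResolution: floor to a bucket.
// (Chromium's implementation additionally applies keyed jitter; modelled here only
// as far as needed to show the origin-relative property.)
function clampTimeResolution(ms, crossOriginIsolated) {
  const res = crossOriginIsolated ? FINE_RESOLUTION_MS : COARSE_RESOLUTION_MS;
  return Math.floor(ms / res) * res;
}

// Before the patch: frame_time minus base::TimeTicks(), i.e. the monotonic clock's
// zero point. The result is an absolute clock reading with no per-context term.
function frameTimestampBefore(frameTimeMs) {
  return frameTimeMs - 0;
}

// After the patch: frame_time minus the worker's time origin, then clamped.
function frameTimestampAfter(frameTimeMs, timeOriginMs, crossOriginIsolated) {
  return clampTimeResolution(frameTimeMs - timeOriginMs, crossOriginIsolated);
}

// What a page can observe: the rAF timestamp next to performance.now(), which is
// origin-relative. Their difference recovers the time origin on the absolute clock
// if the rAF timestamp is absolute; it is below the clamp resolution otherwise.
function recoverableOffset(rafTimestamp, performanceNow) {
  return rafTimestamp - performanceNow;
}

// Two unrelated origins, each with its own worker time origin, observing one frame.
function simulate(crossOriginIsolated = false) {
  const frameTimeMs = 7200000.123456;                 // constructed: ~2 h after clock zero
  const origins = { A: 7100000.5, B: 7190000.25 };     // constructed worker time origins
  const results = {};
  for (const [name, timeOrigin] of Object.entries(origins)) {
    const now = frameTimeMs - timeOrigin;              // performance.now() at that frame (unclamped here)
    const before = frameTimestampBefore(frameTimeMs);
    const after = frameTimestampAfter(frameTimeMs, timeOrigin, crossOriginIsolated);
    results[name] = {
      before,
      after,
      offsetBefore: recoverableOffset(before, now),    // equals the time origin: absolute clock exposed
      offsetAfter: recoverableOffset(after, now),      // smaller than the clamp bucket: nothing new exposed
    };
  }
  return results;
}

// Stand-alone demo: origin A and B get the same `before` value (a shared device
// clock reading) but different, origin-relative `after` values.
console.log(JSON.stringify(simulate(false), null, 2));
```

Reading the output, `before` is equal for A and B, which is exactly why it works as a cross-origin identifier; `after` differs per origin and its distance from `performance.now()` stays within one clamp bucket, so the patched computation adds no observable clock information.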

@uazo
Collaborator Author

uazo commented Oct 2, 2022

I think the correct way to fix it is

diff --git a/third_party/blink/renderer/core/animation_frame/worker_animation_frame_provider.cc b/third_party/blink/renderer/core/animation_frame/worker_animation_frame_provider.cc
index 9c96971a7c..9e200c8ae1 100644
--- a/third_party/blink/renderer/core/animation_frame/worker_animation_frame_provider.cc
+++ b/third_party/blink/renderer/core/animation_frame/worker_animation_frame_provider.cc
@@ -7,7 +7,9 @@
 #include "base/trace_event/trace_event.h"
 #include "third_party/blink/renderer/core/offscreencanvas/offscreen_canvas.h"
 #include "third_party/blink/renderer/core/timing/worker_global_scope_performance.h"
+#include "third_party/blink/renderer/core/workers/worker_global_scope.h"
 #include "third_party/blink/renderer/platform/bindings/microtask.h"
+#include "third_party/blink/renderer/platform/wtf/casting.h"
 #include "third_party/blink/renderer/platform/wtf/cross_thread_functional.h"

 namespace blink {
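Review bot: the second hunk calls Performance::ClampTimeResolution, but this include block adds no header for blink::Performance; it is presumably reached transitively through worker_global_scope_performance.h (already included above), so an explicit include of the header that declares Performance would make the dependency robust to later include clean-ups. The two new includes for WorkerGlobalScope and DynamicTo are correctly placed in sorted order.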
@@ -62,7 +64,11 @@ void WorkerAnimationFrameProvider::BeginFrame(const viz::BeginFrameArgs& args) {
             }
           }

-          double time = (args.frame_time - base::TimeTicks()).InMillisecondsF();
+          auto* global_scope = DynamicTo<WorkerGlobalScope>(provider->context_.Get());
+          DCHECK(global_scope);
+          double time = Performance::ClampTimeResolution(
+                          args.frame_time - global_scope->TimeOrigin(),
+                          provider->context_->CrossOriginIsolatedCapability());
           provider->callback_collection_.ExecuteFrameCallbacks(time, time);
         }
         provider->begin_frame_provider_->FinishBeginFrame(args);
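Review bot: `DCHECK(global_scope)` is compiled out in release builds, so if `DynamicTo<WorkerGlobalScope>(provider->context_.Get())` ever returns null the next statement dereferences it; either use CHECK or return from the callback before computing `time`. The substantive change is right: the removed expression measured `args.frame_time` from `base::TimeTicks()`, an absolute monotonic reading with no per-context term that every origin observes identically, whereas subtracting the worker's `TimeOrigin()` and passing the result through `Performance::ClampTimeResolution` yields the same origin-relative, resolution-clamped value that the worker's own performance timing exposes, with `CrossOriginIsolatedCapability()` selecting the coarse or fine clamp. A one-line comment at this site stating that the origin-relative, clamped form is required to avoid exposing the absolute clock would keep a future cleanup from simplifying it back.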

I will prepare a pull.
I will also try to propose it to the Chromium team.

@csagan5
Contributor

csagan5 commented Oct 19, 2022

Sounds like a nice improvement.

@uazo
Collaborator Author

uazo commented Oct 19, 2022

Yes, personally I am curious to get some feedback from the Chromium team. They took charge of it.
I'll wait for their opinion, then I'll prepare the patch.

@csagan5
Contributor

csagan5 commented Oct 19, 2022

> they took charge of it.

I suggest spending some time to set up the repository to submit Chromium patches, so that you can get proper credit in future.

@csagan5
Contributor

csagan5 commented Dec 2, 2022

Fixed in 108.0.5359.75.

@csagan5 csagan5 closed this as completed Dec 2, 2022