The revised Google Chrome Math.random algorithm (included in version 3.0 of Google Chrome) is predictable. This paper describes how Google Chrome 3.0 Math.random’s internal state can be reconstructed, and how it can be rolled forward and backward, and how (in Windows) the exact seeding time can be extracted.
You can download it from the following link: https://packetstormsecurity.com/files/download/80895/Google_Chrome_3.0_Beta_Math.random_vulnerability.pdf
Source: https://packetstormsecurity.com/files/80895/Google-Chrome-3.0-Beta-Math.random-Vulnerability.html