The study had previously found that the randomness wasn’t really random at all, eventually falling into patterns given enough time.
To fix the bug Google needed to switch to a new pseudo-random number generator called xorshift128+ which fixes the not-quite-random problem found in the older MWC1616 algorithm.
xorshift128+ results in random numbers that are actually random and offers significant performance improvements, however is not cryptographically secure, so shouldn’t be used to create GUIDs or other secure hashes.
Google says it was happy to fix the problem and is encouraging anyone who spots an abnormality, big or small, to file issues on its bug tracker in the future.
➤ There’s Math.random(), and then there’s Math.random() [V8 Engine]