Looking at their product, I wonder how many of these kind of vulnerabilities are still open and exploited by them. Wouldn't make much sense for them to burn such a useful vulnerability which is required for their product unless they had something better.
Interesting to see how their product is open source, too: https://github.com/fingerprintjs/fingerprintjs/
It's as if they want browser developers to look at the code and break it as much as possible.