Indeed Math. Random is called when a private key is generated, however, it's called many times in a loop. The result of math.random() varies because of the state variable used in Math.Random varies every time it's called. (The implementation of math.random depends on the browser)
Yes, it is in the browser. But you cannot just ignore it. Classically-- as in when this code was actively used-- math.random was a 48bit lcg seeded by the browser time at start. It doesn't matter how many times you call it because math random itself only had 48-bits of state.