WebRTC Browser Vulnerability Fix
A vulnerability has been discovered in WebRTC (Web Real Time Communication), an open-source standard that enables the browsers to make voice or video calls without needing any plug-ins. With a few lines of code websites can make requests to STUN servers and log users’ VPN IP address and the ‘hidden’ home IP address, as well as local network addresses. It a massive privacy hole in two very popular browsers that you should really plug!
Please be aware, this vulnerability only affects Firefox and Chrome browers and only appears to be limited to Windows machines.
How does the WebRTC vunerability work
WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers which return the ‘hidden’ home IP address as well as local network addresses for the system that is being used by the user.
1. Connect to VPNUK
2. Visit http://ipleak.net
3. If your browser is secure, you should see nothing more than VPNUK server information.
4. If your browser is affected by this issue, you’ll see information about your true IP address in the WebRTC section.
The vunerability is relatively easy to fix.
For Chrome users:
Google Chrome and other Chromium-based browser users can install the WebRTC extension ScriptSafe, which currently blocks the vulnerability.
For Firefox Users :
Type about:config in the browser’s address bar and hit enter.
Confirm you will be careful if the prompt appears.
Search for media.peerconnection.enabled.
Double-click the preference to set it to false.
This turns off WebRTC in Firefox.