WebRTC Browser Vulnerability Fix
A vulnerability has been discovered in WebRTC (Web Real Time Communication), an open-source standard that enables the browsers to make voice or video calls without needing any plug-ins. With a few lines of code websites can make requests to STUN servers and log users’ VPN IP address and the ‘hidden’ home IP address, as well as local network addresses. It a massive privacy hole in two very popular browsers that you should really plug!
Please be aware, this vulnerability only affects Firefox and Chrome browers and only appears to be limited to Windows machines.
How does the WebRTC vunerability work
WebRTC allows requests to be made to STUN (Session Traversal Utilities for NAT) servers which return the ‘hidden’ home IP address as well as local network addresses for the system that is being used by the user.
The results of the requests can be accessed using JavaScript, but because they are made outside the normal XML/HTTP request procedure, they are not visible in the developer console. This means that the only requirement for this to work is WebRTC support in the browser and JavaScript.
Browser check
1. Connect to VPNUK
2. Visit http://ipleak.net
3. If your browser is secure, you should see nothing more than VPNUK server information.
4. If your browser is affected by this issue, you’ll see information about your true IP address in the WebRTC section.
Protecting yourself
The vunerability is relatively easy to fix.
For Chrome users:
Google Chrome and other Chromium-based browser users can install the WebRTC extension ScriptSafe, which currently blocks the vulnerability.
https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml
For Firefox Users :
In case of Firefox, the only extensions that block these look ups are JavaScript blocking extensions such as NoScript. To fix, try the following steps:
Type about:config in the browser’s address bar and hit enter.
Confirm you will be careful if the prompt appears.
Search for media.peerconnection.enabled.
Double-click the preference to set it to false.
This turns off WebRTC in Firefox.