The way WebRTC is implemented lets a website insert a few lines of code that reveal the user's true IP address even when a VPN is in use. Browsers that implement it, such as Chrome and Firefox, are affected by this vulnerability, but only on Windows; Mac and Linux aren't affected. Safari and Internet Explorer are also not affected, as they do not implement WebRTC by default.
WebRTC was designed to allow browser-to-browser applications for voice calling, video chat, P2P and file sharing without requiring any external plugins.
The easiest way to fix this vulnerability is simply to use Safari or Internet Explorer instead. Thankfully, if you're OK with installing additional plugins, there are ways to keep using Chrome or Firefox while patching this vulnerability.
Chrome users can easily install the WebRTC Block extension or ScriptSafe, both of which block the vulnerability. We have tested this and confirm that it works.
Firefox users can block the request with the NoScript add-on: the vulnerability relies on JavaScript, and selectively enabling JavaScript blocks it. Alternatively, you can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.
Another way around this vulnerability is to install the VPN directly on your router, if your firmware supports OpenVPN (DD-WRT, Tomato, Asus-WRT).
As clarification, this is not really a vulnerability in the VPN itself but rather in how the WebRTC API is implemented in the affected browsers. Only a handful of web applications use WebRTC (with the exception of WhatsApp Web), so disabling it is unlikely to affect your day-to-day experience.
To check whether you have patched the problem, go to this site and see if your real IP shows.
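One way to run that check on your own data, as an added example that is not part of the original post: the code below parses WebRTC ICE candidate lines and flags any public address that is not your VPN's exit IP. The function names, the sample candidate lines and `VPN_EXIT_IP` are all assumptions constructed for illustration; in a browser the same strings arrive in `RTCPeerConnection` `icecandidate` events.

```javascript
// Constructed sample data: documentation-range addresses, not real captures.
const VPN_EXIT_IP = '198.51.100.20'; // assumed public address of the VPN server
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'candidate:2 1 udp 2122194687 10.8.0.2 54322 typ host generation 0',
  'candidate:3 1 udp 1686052607 198.51.100.20 54322 typ srflx raddr 10.8.0.2 rport 54322',
  'candidate:4 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
];

// Return the four octets of a dotted-quad IPv4 address, or null for anything else.
function parseIPv4(addr) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) return null;
  const o = addr.split('.').map(Number);
  return o.every(n => n <= 255) ? o : null;
}

// RFC 1918 private ranges plus loopback and link-local.
function isPrivate(o) {
  return o[0] === 10 || o[0] === 127 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
}

// Layout: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, '').split(/\s+/);
  if (!f[0].startsWith('candidate:') || f.length < 8 || f[6] !== 'typ') return null;
  return { address: f[4], type: f[7] };
}

// Classify every distinct address the browser offered to the page.
function auditCandidates(lines, vpnExitIp) {
  const seen = new Set();
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c || seen.has(c.address)) continue;
    seen.add(c.address);
    const octets = parseIPv4(c.address);
    let verdict = 'public-leak';                       // public address that is not the VPN exit
    if (!octets) verdict = 'unclassified';             // IPv6 or hostname: review by hand
    else if (c.address === vpnExitIp) verdict = 'vpn'; // what a remote site should see
    else if (isPrivate(octets)) verdict = 'local';     // LAN or tunnel address exposed to the page
    findings.push({ address: c.address, type: c.type, verdict });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE_CANDIDATES, VPN_EXIT_IP));
```

A `public-leak` finding means the browser disclosed an address outside the VPN; after applying one of the fixes above, the candidate list should be empty or contain no such entry.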
0 Comments
Does this issue also apply to Opera (variant of Chrome… so I’m told)?
If so, what is the solution… same as Chrome?
jr
Opera also uses WebRTC as well. I believe there’s a plugin called HTTP Switchboard or you can install the “Chrome extension” to allow it to use the WebRTC Block extension.
Once installed, test if it works properly by going to
That last line by Reuben “Once installed, test if it works properly by going to”. Going to where?
I would like to test it as I’m using Pale Moon, a supposedly more secure version of Firefox, which has no “media.peerconnection.enabled” in “about.config”.
Cheers.
OK… once installed how do I test to check if it works? thx
Wow. Good to know I was still being exposed. Fixed vulnerability on both Google and Firefox. Thanks Boleh you are the best!
Hey FrankN: Here’s the link. Got cut off.
jR: see below
https://diafygi.github.io/webrtc-ips/
@FrankN.Stein:
I believe Pale Moon doesn’t support WebRTC out of the box so you should be safe. No harm testing 😀
I’m assuming that this WebRTC vulnerability does not affect Chrome running on iOS devices (iPad, et cetera). Is that right?