Google has now published an extension for its Chrome browser that fixes this serious WebRTC security hole in Google Chrome. The WebRTC flaw was exploited by placing a few lines of code on a website and using a STUN server it became possible to reveal not only users’ true IP addresses, but also their local network address too. At that time, VPN users could install the WebRTC block extension or ScriptSafe which should block the vulnerability. Firefox users, could use the NoScript addon or alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false. However, now Google has published a tiny Chrome extension (7.31KB) called “WebRTC Network Limiter.” This extension disables the WebRTC multiple-routes option in Chrome’s privacy settings while configuring WebRTC not to use certain IP addresses. In addition to hiding local IP addresses that are normally inaccessible to the public Internet (such as 192.168.1.1), the extension also stops other public IP addresses being revealed. While WebRTC Network Limiter seems a good solution for th WebRTC security hole, Google admits having issues with the extension, “Once the extension is installed, WebRTC will only use public IP addresses associated with the interface used for web traffic, typically the same addresses that are already provided to sites in browser HTTP requests.” After applying the blocks and fixes detailed above, Google Chrome users can check for IP address leaks by using sites including IPLeak and BrowserLeaks.
