Earlier within the year, we tend to had rumored a significant vulnerability in Google Chrome that leaked user’s real science address even supposing they were employing a VPN. The vulnerability involving WebRTC might leak users real science of all VPN services users, had cause panic among VPN users attributable to the inherent risks.
Google has currently revealed associate extension for its Chrome browser that fixes this serious WebRTC security hole in Google Chrome.
The WebRTC flaw was exploited by putting a number of lines of code on a web site and employing a STUN server it became potential to reveal not solely users’ true science addresses, however conjointly their native network address too.
At that point, VPN users might install the WebRTC block extension or Script Safe that ought to block the vulnerability. Firefox users, might use the No Script addon or as an alternative, they will kind “about: config” within the address bar and set the “media.peerconnection.enabled” setting to false.
However, currently Google has revealed a little Chrome extension (7.31KB) referred to as “WebRTC Network circuit.” This extension disables the WebRTC multiple-routes possibility in Chrome’s privacy settings whereas configuring WebRTC to not use bound science addresses.
In addition to activity native science addresses that area unit ordinarily inaccessible to the general public net (such as 192.168.1.1), the extension conjointly stops different public science addresses being unconcealed.
“Any public science addresses related to network interfaces that aren’t used for net traffic (e.g. associate ISP-provided address, once browsing through a VPN) [are hidden],” Google says.
“Once the extension is put in, WebRTC can solely use public science addresses related to the interface used for net traffic, generally identical addresses that area unit already provided to sites in browser communications protocol requests.”
While WebRTC Network circuit appears a decent resolution for the WebRTC security hole, Google admits having problems with the extension,
“This extension could have an effect on the performance of applications that use WebRTC for audio/video or period of time digital communication. As a result of it limits the potential network methods, WebRTC could decide a path that ends up in considerably longer delay or lower quality (e.g. through a VPN). We tend to are trying to work out however common this is”.