The mechanics of the vulnerability involves websites that make requests to STUN servers and log users’ VPN IP-address as well as the “hidden” home IP-address, in a local network addresses. Daniel Roesler, a developer has published a demo on github that allows people to check if they are affected by the security flaw. The demo claims that browser plugins can’t block the vulnerability, but this is not entirely true. As there are a few fixes available to patch the security hole. For Chrome users, you should install the WebRTC block extension or ScriptSafe which should block the vulnerability. For Firefox users, you should use the NoScript addon or Alternatively, you can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false. Ben Van Der Pelt, TorGuard’s CEO, said that tunneling the VPN through a router is another fix and is quoted saying. As is always the case, all VPN and proxy users should regularly check if their connection is secure. This also includes testing against DNS leaks and proxy vulnerabilities.
