Google releases a Chrome extension to fix the critical VPN security hole

WebRTC Network Limiter Chrome extension released by Google to fix the critical VPN security hole which revealed real IPs of users

Earlier in the year, we had reported a serious vulnerability in Google Chrome that leaked users real IP address even though they were using a VPN. ย The vulnerability involving WebRTC could leak users real IP of all VPN services users, had cause panic among VPN users because of the inherent risks.

Google has now published an extension for its Chrome browser that fixes this serious WebRTC security hole in Google Chrome.

The WebRTC flaw was exploited by placing a few lines of code on a website and using a STUN server it became possible to reveal not only usersโ€™ true IP addresses, but also their local network address too.

At that time, VPN users couldย install the WebRTC block extension or ScriptSafe which should block the vulnerability.ย Firefox users, could use the NoScript addon or alternatively, they can type โ€œabout:configโ€ in the address bar and set the โ€œmedia.peerconnection.enabledโ€ setting to false.

However, now Google has published a tiny Chrome extension (7.31KB) called “WebRTC Network Limiter.” This extension disables the WebRTC multiple-routes option in Chromeโ€™s privacy settings while configuring WebRTC not to use certain IP addresses.

In addition to hiding local IP addresses that are normally inaccessible to the public Internet (such as 192.168.1.1), the extension also stops other public IP addresses being revealed.

โ€œAny public IP addresses associated with network interfaces that are not used for web traffic (e.g. an ISP-provided address, when browsing through a VPN) [are hidden],โ€ Google says.

โ€œOnce the extension is installed, WebRTC will only use public IP addresses associated with the interface used for web traffic, typically the same addresses that are already provided to sites in browser HTTP requests.โ€

While WebRTC Network Limiter seems a good solution for th WebRTC security hole, Google admits having issues with the extension,

โ€œThis extension may affect the performance of applications that use WebRTC for audio/video or real-time data communication. Because it limits the potential network paths, WebRTC may pick a path that results in significantly longer delay or lower quality (e.g. through a VPN). We are attempting to determine how common this isโ€.

After applying the blocks and fixes detailed above, Google Chrome users can check for IP address leaks by using sites including IPLeak and BrowserLeaks.

Read More

Suggested Post