WebRTC (Web Real-Time Communication) is an API drafted by the W3C that supports browser-to-browser applications for voice calling, video chat, and P2P file sharing (without the need of either internal or external plugins). WebRTC implements STUN (Session Traversal Utilities for Nat), a protocol that allows the discovery of your externally assigned IP address (to facilitate the applications above).
To test whether you are vulnerable please visit this demo page.
- Type about:config in the address bar.
- Scroll down to media.peerconnection.enabled, double click to set it to false.
No action is necessary.
- In your Chrome address bar type chrome://flags/#disable-webrtc and hit Enter
- WebRTC Stun origin header should be set to Enabled
- Restart your Chrome browser for changes to take into effect.