While developments like this can appear frightening, the good news is there is a simple fix. The real problem here however is not the fix, but rather the fact that many users will go about their day to day activities without knowledge of this flaw. It is important that you take a few minutes to make sure your system is patched.
More information on what this does is available from the researcher’s github page:
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.”
How to fix the WebRTC Security Hole
In Chrome browser there is now a free extension available that will patch this problem directly. You can install this add-on from the Chrome Store here.
In Firefox, there are a few more steps to patch the problem. First, type “about:config” directly into the URL bar and hit enter. Then search for “media.peerconnection.enabled” and double click this option to set it to false.
Lockdown your Network with a VPN Router
Those who are accessing the VPN by means of a VPN router are not affected by this vulnerability, however we do suggest fixing your browsers as a precaution. A VPN router runs the private tunnel directly and broadcasts the VPN via wifi so devices can connect to the network like they normally would. This leaves zero chance that a rogue script will be able to bypass the software VPN and find your ISP issued IP address because the VPN is in fact running on your router. TorGuard’s VPN router store sells a variety of high speed VPN routers that are capable of securing any network without sacrificing privacy or performance.