Your IP: Unknown · Your Status: Unprotected Protected

Blog How-To

How to avoid browser security holes

Nov 06, 2017 · 2 min read

How to avoid browser security holes

If you use a VPN, you should be aware that Firefox and Chrome browsers for Windows use a technology that may put your privacy at risk.

This security hole may cause the real IP address leak, even when using a VPN. The detailed information about this security hole can be found in Github website here.

Here is what Github has to say about this security hole:

“Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that. Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.”

In short, the IP check method that is used by Firefox and Chrome browsers allows websites to reveal the real, ISP-issued IP address. It is claimed that websites can determine the actual IP address by running a WebRTC JavaScript code within the web browser without the visitor knowing about it. However, this security hole has only been detected in Windows Firefox and Chrome browsers and no IP leaks were discovered for Android, Linux and Mac OS versions.

Since this security hole can affect many VPN users, we strongly recommend to read the following information, explaining how to overcome this issue by taking few simple steps:

Chrome for Windows. Google offers a fix titled ‘WebRTC Network Limiter‘. The tiny Chrome extension (just 7.31KB) disables the WebRTC multiple-routes option in Chrome’s privacy settings while configuring WebRTC not to use certain IP addresses.

After you install the extension, it is recommended to check if WebRTC has been disabled. In order to do that, you should visit Browserleaks website and see if the WebRTC is enabled or disabled.

Another way to stop WebRTC leaks in Chrome is to turn off Javascript in Chrome entirely. To do this, go to: Settings > Advanced Settings > Privacy > Content Settings > JavaScript.

Firefox for Windows. To disable WebRTC in Firefox for Windows, you have to take a few more steps. At first, you will need to type “about:config” into the URL bar and press Enter. Then look for “media.peerconnection.enabled” and double click to set it to “false”.

However, the best way to avoid the leaks is using NordVPN’s proxy extension for Chrome and Firefox. Not only does it replace your IP address for private browsing and encrypt your Internet data, it also blocks WebRTC leaks.

Christina Craig
Christina Craig successVerified author

Christina is a community manager and the heart, the voice and the soul of NordVPN. She is always up for a conversation with our community of users and blog readers.

Subscribe to NordVPN blog