Firefox and Google Chrome have implemented a technology that makes it possible to obtain IP addresses of VPN users. Security researcher Daniel Roesler has posted information on open source hosting site Github, where he explains the issue. The issue is caused by WebRTC, a Google developed open source project that provides browsers with Real-Time Communication (RTC).
Both Firefox and Chrome have WebRTC support whereby the technology sends so called "STUN requests" to STUN (Simple Traversal of User Datagram Protocol Through Network Address Translators) servers. Through these requests local and public IP addresses of the user can be obtained using Javascript.
This is mainly an issue for VPN users who often use a VPN to hide their identity. Roesler has created a page where he demonstrates his method to obtain the IP addresses. A solution for those who want to remain anonymous is disabling WebRTC in Firefox and Chrome.
In Firefox this can be done by typing "about:config" in the address bar and then set "media.peerconnection.enabled" to false. Users of Google Chrome can enter "chrome://flags/" in their address bar and then enable "Disable WebRTC device enumeration". Other solutions are disabling Javascript, the usage of Firefox Noscript or the Google Extension WebRTC Block.
