Update (July-30-2015): Google Chrome team tries to fix this issue. Not really! With the release of the WebRTC Network Limiter extension, the Google dev team itself is now having a jab at the issue, trying, just like Rentamob's chrome extension , to fix the IP leaking problem without disabling WebRTC completely. According to Google devs, "once the extension is installed, WebRTC will only use public IP addresses associated with the interface used for web traffic," which are "typically the same addresses that are already provided to sites in browser HTTP requests." With the extension developed by Rentamob to fix the issue without disabling WebRTC completely, but according to TorrentFreak, this caused some WebRTC functions like VoIP not to work correctly. Unfortunately, just like the Rentamob add-on, the WebRTC Network Limiter also has its own downsides, more accurately, by limiting "potential network paths, WebRTC may pick a path that results in significantly longer delay or lower quality." Google, doesn't reveal it public nor accept that they are the people who have 100s of STUN servers globally to keep track of real IP address for the connections that come through VPN or TOR networks.
Update (Feb-26-2015): Few readers on Reddit raised questions about, what does TOR have to do with this bug as, the Tor bundled browser, is a very highly stripped down browser keeping privacy and security in mind and could not be affected by this bug, but in fact many TOR users are unaware that the Tor browser is NOT Firefox browser and they end up treating it like Firefox using all sorts of add-ons on it. But whats more important is that the real discussion is NOT just about the Tor browser, but Tor as a service being used through another browser like Chrome [Video] still doesn't give you the expected privacy what TOR has to offer. So, all I say is guys, lets look at this problem and find a way to fix it than get into discussions which doesn't lead us anywhere.
A recently discovered security flaw explained by TorrentFreak allows remote sites to take advantage of WebRTC (Web Real Time Communication, a feature built in to most browsers) to reveal a user's true IP address, even if they're connected to a VPN. Most sites aren't taking advantage of the flaw yet, but considering services like Hulu, Spotify, Netflix, and others are taking steps to identify and lock out VPN users, it's not a stretch to assume they'll start.
A few lines of code is all it takes to remove the location protection you get from using a VPN, and figure out where you're actually located and who your internet service provider really is (who can then tie your address back to who you are specifically.) While the vulnerability is primarily browser-based right now, any application that can render web pages (and uses WebRTC) is affected, meaning anyone who wants to can see past your VPN to where you really are and who you really are. Advertisers, data brokers, and governments can use it to peek through your VPN to find out where your connection is really coming from. If you use services like BitTorrent, have a set-top box like a Roku, or just stream music or movies on your computer through a site that's not available in your country (or you're an expat and live abroad), the apps and services you use could suddenly stop working
|WebRTC-STUN-VS-TOR-VPN-Proxy | | UnhappyGhost - Ethical Hacker - Security Expert - India|