WebRTC is enabled by default in Chrome, Firefox, Edge, and Opera, potentially exposing local and public IP addresses even when using a VPN. — Mozilla Developer Network (2024)

Research shows that 20-30% of browser-based VPN extensions fail to prevent WebRTC IP leaks in their default configuration. — USENIX Security (2023)

WebRTC STUN requests can reveal both IPv4 and IPv6 addresses, bypassing VPN tunnels through direct peer-to-peer connection negotiation. — W3C WebRTC Working Group (2024)