WebRTC Leakage in Opera Browser
CVE-2018-6608

4.3MEDIUM

Key Information:

Vendor
Opera
Status
Opera Browser
Vendor
CVE Published:
28 March 2018

Summary

In Opera Browser version 51.0.2830.55, the WebRTC component is vulnerable to an information disclosure issue. When users visit a website designed to collect client information, such as certain specified URLs, the browser may inadvertently reveal the user's private IP address via a STUN request. This vulnerability raises significant privacy concerns, especially for users relying on virtual private networks (VPNs) to maintain anonymity online.

References

https://github.com/VoidSec/WebRTC-Leak
x_refsource_MISC
https://voidsec.com/vpn-leak/
x_refsource_MISC
https://news.ycombinator.com/item?id=16699270
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.