How to Block WebRTC in Chrome Without Breaking Video Calls

The tradeoff that trips people up

When people discover they have a WebRTC IP leak, the first instinct is to find an option that says "disable WebRTC" and turn it on. Chrome used to have a flag for this (chrome://flags/#disable-webrtc). It's gone in modern Chrome versions.

Some older guides suggest using an extension that completely blocks WebRTC. This works for the leak — but it also breaks Google Meet, Zoom in the browser, Discord video, Twitch streaming, and any other real-time communication feature in Chrome.

For most people, that's not an acceptable tradeoff.

The distinction between "disable WebRTC" and "fix WebRTC leaks"

The goal isn't to disable WebRTC. The goal is to prevent WebRTC's IP discovery process from revealing your real IP address.

These are different things:

• **Disabling WebRTC**: no peer-to-peer communication at all. Video calls fail. Completely blocks the leak but breaks functionality.

• **Blocking local IPs from ICE candidates**: prevents your 192.168.x.x addresses from being exposed. Minor privacy improvement — local IPs aren't publicly routable — but doesn't fix the public IP leak.

• **Routing WebRTC through the VPN**: forces ICE to use only the VPN-routed IP for its STUN queries. WebRTC still works; the only IP revealed is your VPN IP. This is the right solution.

How to configure Chrome's WebRTC policy

Chrome has enterprise policy settings that control WebRTC IP handling. In practice, these are most easily set via a Chrome extension rather than actual enterprise policy management.

The relevant setting is 'WebRtcIPHandlingPolicy'. Setting it to 'default_public_and_private_interfaces' forces WebRTC to only use the default network interface (which, if you're on a VPN, is the VPN interface).

WebRTC Privacy Shield in practice

WebRTC Privacy Shield is a Chrome extension that sets this policy correctly. Install it from the Chrome Web Store.

The extension's default configuration uses the "Default public interface only" mode. This means:

• WebRTC is enabled — video calls still work
• ICE candidate gathering only uses the VPN's public interface
• Your real IP address is not included in ICE candidates
• If your VPN drops, the leak detection still prevents your real IP from being included

Verify it's working: with the extension active and your VPN connected, visit browserleaks.com/webrtc. You should see only your VPN's IP in the public IP section. Video calls on Google Meet or Zoom should still function normally.

When "disable WebRTC" is actually appropriate

Some users legitimately don't use any WebRTC features and prefer the stronger protection of disabling it entirely. If you never use browser-based video calls or any real-time communication features, disabling WebRTC is the safest option.

WebRTC Privacy Shield has a "Disable WebRTC" mode for this use case. Enable it only if you're confident you don't need WebRTC functionality — or use it in combination with site-specific overrides for sites where you need video calls.

A note on Firefox and other browsers

Firefox handles this differently. In Firefox, you can set 'media.peerconnection.enabled' to 'false' in about:config, which disables WebRTC cleanly. Firefox also has a 'media.peerconnection.ice.default_address_only' setting that achieves the VPN-routing behavior without disabling WebRTC.

For Chrome, the extension approach is the practical path. The native controls Chrome exposes to the user don't include the necessary WebRTC IP handling settings.

Conclusion

Fixing a WebRTC leak in Chrome doesn't require giving up video calls. The right configuration routes WebRTC through your VPN interface, preserving functionality while closing the IP leak. WebRTC Privacy Shield handles this configuration for you.