Add a Preference to allow WebRTC only bind to "any address" (all 0s). This way, no local IP or private ISP's public IP leaked when VPN is the default route.

Add webrtc.multiple_routes_disabled preference to RendererPreferences. Default is false. When set to true, a new port allocator flag will be passed to P2PPortAllocator which will have WebRTC only bind to all 0s (any address) IP and the default route will be used as how chrome/http is routed.

Each rtc_peer_connection_handler is associated with a WebFrame and it leads to a webview and then the mapping RenderViewImpl which has RendererPreferences that we care.

The corresponding webrtc change is at


Review URL:

Cr-Commit-Position: refs/heads/master@{#317047}
diff --git a/chrome/common/ b/chrome/common/
index 4b9c52d..9aea51b 100644
--- a/chrome/common/
+++ b/chrome/common/
@@ -1248,6 +1248,12 @@
 const char kCopresenceAnonymousDeviceId[] = "apps.copresence.unauth_device_id";
+// Whether WebRTC should bind to individual NICs to explore all possible routing
+// options. Default is true.
+#if defined(ENABLE_WEBRTC)
+const char kWebRTCMultipleRoutesEnabled[] = "webrtc.multiple_routes_enabled";
 // *************** LOCAL STATE ***************
 // These are attached to the machine/installation