[Udo]

A quick heads-up:

  These requests do not show up in developer consoles and 
  cannot be blocked by browser plugins

I'm using FF with a WebRTC-blocking plugin, and it does successfully block the proof-of-concept exploit (it's called "Happy Bonobo Disable WebRTC", an admittedly shady name, but there are surely others).

[diafygi]

Yes, most of those plugins were made after this test was created. This one just sets "media.peerconnection.enabled" to false in Firefox's settings. However, it means you have to disable WebRTC entirely, not just the STUN requests.

Unfortunately, Chrome doesn't let you disable WebRTC at all unless you recompile with "-Denable_webrtc=0", and Chrome blocking plugins are easily bypassed (see some pull requests in my repo).

[toonse]

Even if you have the SafeScript and WebRTC extensions installed in Chrome? (no settings changed). That combo passed every online test I could find.