WebRTC doesn't just leak the client IP address, it also leaks the public IP address of all network interfaces on the machine. If you're on a VPN, it can mean you leak your real IP address, too. Many Chinese use VPNs to circumvent censorship or participate in speech, so leaking your real IP address is potentially life threatening.
Yes, and Java can leak your real IP address and Flash can leak your real IP address.
If you attack scenario is trying to circumvent authoritative governments, don't use a web browser with extra features or plugins like WebRTC turned on.
"Hiding a users 's true IP at all costs who are using a VPN" is not a reasonable design expectation for mainstream browsers. They are fixing bugs and adding features. This is an extreme edge case at best for them.
You listed two things that are optional plugins and are being aggressively deprecated.
The vast majority of Chinese users who use VPNs aren't technologically savvy and just want to read the NYTimes or watch Netflix. Now any embedded ad or tracker can rat them out[1]. We shouldn't ask them to jump through 15 hoops or deal with the the slowness of Tor. A VPN offers a very good compromise of ease vs. security for casual users.
It's not a leak. It's integral to the way WebRTC works. The purpose is to implement a highly-secure, multiplexed audio/video/data channel on top of IP. To do that, you must exchange publicly addressable IP addresses.
There are already forced opt-ins for accessing the microphones and cameras, this should probably be fully extended to require the user to opt-in when any WebRTC feature is used.
