June 27, 2016
A Google Chrome flaw has opened the door for pirates to download movies and TV shows from Netflix, Amazon Prime and other streaming services.
A pair of security researchers who discovered the bug contacted Google about the problem May 24, but the tech giant has yet to release a patch to fix the problem.
Although the security researchers — David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany — will not give exact details on how the flaw works, they did say it is easy to exploit.
The flaw, the researchers told Wired, evades Google’s Widevine digital rights management — meaning, because there is no check to ensure decrypted video is playing only in the browser, pirates can nab the video as soon as it is passed to the browser’s media player.
The bug, they said, has probably been in existence since Google added Widevine to Chrome.
Google told Wired it is looking into the issue, but added that the problem is not only found in Chrome — in fact, it could exist in any browser created from Chromium, an open-source code from which Chrome was created.
Firefox and Opera, which also use Widevine, could also be vulnerable to the bug, for instance, although those have not been tested.
“Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths,” the Google spokesman told Wired.
To see the flaw in action, check out the video below.
Jennifer Cowan is the Managing Editor for SiteProNews.