Chrome DRM bug makes it easy to download streaming video
Security researchers have discovered a vulnerability in the Google Chrome browser that could allow users to bypass itscopy protection system and download content from streaming video services like Netflix and Amazon Prime Video. According to Wired, Google was alerted to the problem on May 24, but is yet to issue a patch.
The vulnerability centers around the Widevine digital rights management system—which Google owns and has implemented into Chrome—and specifically how it handles decryption of encrypted media streams. Widevine uses two pieces of tech to protect content: the encrypted media extensions (EME), which handle key exchanges and other high-level functions, and a content decryption module (CDM), which unscrambles encrypted video for playback in the browser.
Unfortunately for Google, the researchers discovered it’s possible to hijack the decrypted movie stream right after the CDM decrypts the film, before it’s displayed in the browser. With the right software—and let’s face it, it doesn’t take long for pirating software to appear following the discovery of a vulnerability—any user would be able to download streaming content for keeps.