Bad news for anti-piracy advocates: a bug in Google’s Chrome browser can potentially let users save illegal copies of movies using sites like Netflix.
Security Researchers from Ben-Gurion University Cyber Security Research Center (CSRC) said the flaw in Chrome’s DRM allows attackers to steal protected content easily.
In a YouTube video, they said users can save Widevine DRM-protected content during playback (https://www.youtube.com/watch?v=5CkWjOvpZJw&feature=youtu.be).
Tech site “Wired.com” reported that David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany, alerted Google to the problem May 24.
However, Google has yet to issue a patch, it said (https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/).
Apple’s Safari and Microsoft’s Internet Explorer do not use Widevine. Their respective CDMs have not been tested by the researchers yet.
The problem stems from the Widevine digital management system, which TechCrunch said Google owns but did not create.
“A good DRM system should protect that decrypted data and only let you stream the content in your browser, but Google’s system lets you copy it as it streams. The point at which you can hi-jack the decrypted movie is right after the CDM decrypts the film and is passing it to the player for streaming,” Wired said.
It quoted a Google spokesperson they are examining the issue closely, but added the spokesperson downplayed the bug, saying the problem is not exclusive to Chrome.
The spokesperson added the bug could apply to any browser created from Chromium, the open-source code Chrome is based on.
Meanwhile, Wired said the researchers have yet to examine other browsers such as Firefox and Opera, which also use the Widevine CDM.