Hollywood has been in a constant battle against pirates for a considerable length of time, and taking most of its time worrying about leaked Blu-ray discs and screeners, there has been the concern that they would eventually be able to steal streaming services content such as Netflix and Amazon Prime and save video files wholesale with minimal effort. In reality there has not been that huge problem, but that may be about to change.
Reportedly discovered by the researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories, a way to hijack video that is being played in Google Chrome from either Netflix or Amazon Prime and then output it as a file.
A flaw in the way Google implemented its content-protection technology for the Chrome that uses to stream encrypted video. The vulnerability exists in the way Google implements the Widevine EME/CDM tech that Chrome web browser uses in order to downloading and decoding video streams. Research team has alerted Google about it’s been available as part of Chrome for a while now, on May 24th, but Google has yet to issue a patch.
Now, the researchers created a proof-of-concept executable file that easily exploits the vulnerability, and produced a brief video to demonstrate it in action. Since the haven’t actually released any technical details as to how they managed to find the bug in the first place. Google, for its part, is playing coy.
“We appreciate the researchers’ report and we’re examining it closely. Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so.”
Originally, the bug uses encrypted media extensions to allow the content decryption module in your browser to communicate with the video protection systems of Netflix streaming and other services to deliver their encrypted videos to you. However, the researchers say the bug is very simple but won’t reveal details on it until at least 90 days after their disclosure to Google.
Google will presumably validate the bug and then patch it if required, but with Chromium being out in the wild and indeed carrying the same bug, things may be about to get interesting for Google and its Chrome web browser.
You may also like to check out: