Security researchers from the Cyber Security Research Center of Ben-Gurion University have discovered a flaw in the Google Chrome browser which could be exploited to allow users to make pirated copies of video streams protected by digital rights management.
Media giants such as Netflix and Amazon require internet browsers to have certain systems in place to prevent users from copying the content shown in the video streams of their respective platforms. However, a bug in Chrome's Widevine DRM circumvents the protection that Google has in place.
Widevine utilizes encrypted media extensions to connect Chrome's content decryption module with Netflix's and Amazon Video's content protection systems. The systems pass licenses between them to allow Chrome to decrypt and stream the copyright-protected video.
The flaw surrounds the fact that Widevine currently does not check to ensure that the video is only playing in Chrome. As such, users can capture the content as it is passed through the media player of the internet browser, effectively recording the video through separate software as it is played.
The researchers have not revealed the specifics on the exploit, as the flaw has not yet been fixed. Google was informed about the Chrome exploit back on May 24, but there has still been no patch released to prevent other users from using the exploit. Before they divulge the flaw's details, the researchers will be waiting 90 days, which is the number of days that Google's own Project Zero gives companies to fix the vulnerabilities that the team finds in their software.
Google, however, said that while it is still examining the exploit, the open source nature of Chromium would mean that any other user will be able to create their own version of the software with different means for anti-piracy protection, or with modifications on how these systems work.
In addition, the problem might not be specific only to Google. Widevine is also used by Mozilla's Firefox and Opera, which means that the exploit could also be present in these rival internet browsers. There is also no definite guarantee that the DRM systems used by other browsers such as Microsoft's Edge and Apple's Safari are safe from the flaw.
Nevertheless, Google should get around to fixing the bug, to be able to keep the trust of content providers and users alike.
Back in April, the number of monthly active mobile users for Chrome surpassed 1 billion, a milestone that was accompanied by the 50th release of the internet browser.