There is an ongoing battle between Hollywood and online pirates that have lasted for about a decade already, and a recently bug from popular web browser Google Chrome seems to tip the balance in favor of piracy. A pair of security researchers stated that they have discovered a security vulnerability in the web browser of which allows people to actually save illegal copies of movies from streaming sites, some of which can be acquired from popular video streaming services such as Amazon Prime and Netflix.
Google Chrome Bug Lets Users Save Videos from Netflix and Amazon Prime
The Google Chrome vulnerability was first reported by Wired, and it takes advantage of the Widevine EME/CDM technology of which the browser users in order to let users stream videos from online content providers while still being encrypted. The aforementioned researchers are that of David Livshits from Cyber Security Research Center located at Ben-Gurion University, and Telekom Innovation Laboratories’ Alexandra Mikityuk. They have discovered a way to get into a streaming video from the decryption module in the browser after the content has been sent from services.
In order to show evidence of the existence of the Google Chrome bug, they have created a proof-of-concept (which is, at the time of writing, the only evidence of the online exploit). In the evidence, the researchers showed how easily it is they could illegally download streaming videos once the CDM technology decrypts it.
Back on May 24 of this year, the two researchers privately disclosed the security vulnerability to search engine and tech giant Google. Surprisingly, to this day, the bug has not been resolved yet. Livshits and Mikityuk stated that they’re waiting at least 90-days following the disclosure to Google prior to the researchers revealing the details about the bug to the public. It should be noted that this is the same amount of time Google’s Project Zero security analyst team gives vendors to repair security vulnerabilities that they discover.
Wired reports that the major concern facing Google with regards to this particular exploit can be traced to Chromium, which is the open-source code of which the Google Chrome browser is based off. In Chromium, it would still allow malicious cyber attackers to take advantage of the known vulnerability. Therefore, even if the company were to find a solution or a patch to repair the bug, there are other capable developers out there that could theoretically create another web browser while still using the open-source code found in Chromium. Then, they could override said code and exploit the bug nonetheless.
Share This on Facebook