Hollywood has been in a constant battle with pirates for a considerable length of time, and while it normally spends its time worrying about leaked Blu-ray discs and screeners, there has always been the concern that they would be able to take streaming services such as Netflix and Amazon Prime and save video files wholesale with minimal effort. That has generally not been too huge of a problem in reality, but that may be about to change.
Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories have reportedly discovered a way to hijack video that is being played in Google Chrome from either Netflix or Amazon Prime and then output it as a file.
The bug, apparently part of the Widevine EME/CDM technology that Chrome web browser uses in order to download and decode encrypted video streams, has been available as part of Chrome for a while now, although the researches did reach out to Google four weeks ago in order to make them aware.
Google has been slow to get back to the team, which is why they have gone public now, though they haven’t actually released any technical details as to how they managed to find the bug in the first place. Google, for its part, is playing coy.
We appreciate the researchers’ report and we’re examining it closely. Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so.
Google will presumably validate the bug and then patch it if required, but with Chromium being out in the wild and presumably carrying the same bug, things may be about to get interesting for Google and its Chrome web browser.