Google Chrome Bug Lets You Download DRM-Protected Content From Netflix, Amazon

Status
Not open for further replies.
Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Google Chrome Bug Lets You Download DRM-Protected Content From Netflix, Amazon

A team of researchers from Israel and Germany have discovered a bug in Google Chrome that allows users to download any movie played through the browser's DRM technology.

For Chrome, Google uses a DRM component called Widevine which encrypts video content sent from premium services to the users' browsers. Google's Widevine DRM is used to play premium content from services like Netflix, YouTube Red, or Amazon Prime.

Bug allows pirates to tap the Widevine DRM
The researchers say they identified a bug in Chrome's Widevine implementation that allows them to intercept the video content while in transit from the Widevine module to the browser's video player.

For a short moment, the premium video content is stored in an unprotected area of the computer's memory. The two researchers created an application that extracts this data and then saves it to disk.
The researchers said they reported the issue to Google on May 24, but the company is still evaluating how to patch the bug. David Livshits and Alexandra Mikityuk, the two researchers that discovered the issue, said that if Google doesn't patch the bug in 90 days, they will release details about the bug to the public, giving movie pirates the ability to easily download any Netflix release with the push of a button.

Bug specific to all Chromium-based browsers
A Google representative told Wired that the bug is not specific to Chrome, but to the entire Chromium project, meaning other browsers may also be affected, but not Safari, Firefox, IE, or Edge, which use different DRM modules.

The researchers said that forcing the Widevine DRM to run inside a Trusted Execution Environment (TEE) inside the computer's memory would fix the bug.

In other related news, rumors surfaced today that Netflix will soon allow its users to download movies to their PCs. While this negates the Chrome bug, other services are still affected.
Click to expand...
 
  • Like
Reactions: Ink, Jrs30, Rishi and 6 others
DJ Panda

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
I am not a pirater and hopefully no one else on the forum is.. Anyway, it sucks I wonder how many people know about this and hopefully the bug will get patched soon so google doesn't get sued..
 
  • Like
Reactions: Jrs30, Rishi and Der.Reisende
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Very smart but also terrible move, you can be such clever to have that bug, however in short term time; it's been abused no matter circumstances.
 
Status
Not open for further replies.

Similar threads

silversurfer
    • Like
    • +Reputation
New Update 'Streaming Enhanced' extension Skips ads on Netflix, Prime Video, Disney+
Replies
4
Views
659
Web Extensions
Stargazer_Steve
Stargazer_Steve
vtqhtr413
    • Like
    • +Reputation
Technology Google and Microsoft are working on the EnableTcpPortRandomization feature
Replies
0
Views
214
Technology News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
Following Edge, Google Chrome makes screenshotting video a lot easier with new feature
Replies
0
Views
396
Chrome & Chromium
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top