An interesting exploit has been found in the Google Chrome web browser that gives the ability to make copies of DRM-protected streams. The vulnerability was discovered by security researchers from Ben-Gurion University Cyber Security Research Center (CSRC).
The team says the exploit is a problem for all Chromium-based browsers and can be used on any video streaming service with DRM-protected content. Researchers add that it is possible to sidestep Widevine encryption, which is the standard Google uses to make sure streams are secure.
Widevine was a 2010 Google acquisition which is used to block potential piracy by stopping the copying of video content on such sites a premium YouTube channels, Netflix, and Amazon Prime. Researchers David Livshits and Alexandra Mikityuk say that if discovered the flaw is very easy to enact, making it a simple process for someone to copy DRM-protected content.
It seems that Widevine does not perform the necessary checks to ensure the stream is only being played in the Chrome browser. The vulnerability makes it possible for someone to bypass the Content Decryption Module in the media player and copy it.
This is obviously not good news for Google and the market leading Chrome browser, but the company has not solved the issue. CSRC says it informed the company about the exploit in May, but so far Mountain View has yet to send out a fix.
Nothing drives home the fact like video evidence, so check out the video created by the researchers that shows the exploit in action.
The researchers who discovered the problem have released a video that shows the exploit in action.
To stop someone opening a fake DVD store on your street corner, the details of the vulnerability have not been given in full. It is worth noting that both Firefox and Opera use Windvine too, although not tests have been conducted to see if they have the same issue.