Chrome flaw lets users download movies from services like Netflix

By Shawn Knight · 8 replies
Jun 24, 2016
  1. Security researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories have uncovered a flaw in Google’s Chrome web browser that could allow users to save illegal copies of movies streamed from services like Netflix and Amazon’s Prime Video.

    The vulnerability exists in how Google implements the Widevine EME/CDM technology used by Chrome to stream encrypted video.

    As Wired explains, the problem relates to the implementation of a digital rights management system called Widevine, which uses encrypted media extensions (EME) to allow the content decryption module (CDM) in your browser to communicate with the content protection systems used by companies like Netflix to deliver encrypted movies to their customers.

    EME is responsible for handling the key or license exchange between the protection systems of content providers and the CDM component of your browser. When users select a movie to play, the CDM requests a license from the provider through the EME interface. When it receives the license, the CDM is able to decrypt the video and send it to your web browser player to stream the decrypted content.

    A quality DRM system, Wired continues, should protect the decrypted data and only let you stream the content in your browser. Google’s system, however, lets you copy it as it streams. This allows those with the right knowledge, like Livshits and Mikityuk, to hijack the decrypted movie as the CDM decrypts it and sends it over to the player for streaming.

    To demonstrate the flaw, which was first discovered about eight months ago, the duo created a proof-of-concept executable file that’s shown in the embedded video above.

    The two say they notified Google of the flaw on May 24 but the search giant has yet to issue a patch. They’ll wait at least 90 days before revealing to the public exactly how the flaw works as they don’t want people stealing movies. The good news, they note, is that it should easily be fixable via software update but that doesn’t really solve the underlying problem.

    A spokesperson for Google told Wired that the issue isn’t exclusive to Chrome and could apply to any browser created from Chromium, the open-source code on which Chrome is built. That means that even if Google patches Chrome, other browser makers could eliminate the code, which would leave streaming content once again vulnerable.

    Permalink to story.
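
The license exchange described in the article, as an added example that is not part of the original story or of Chrome's code: a sketch against the standard W3C EME API, in which `acquireLicense`, the injected `nav` and `video` objects and the `fetchLicense` callback are assumptions made here. Page script only relays opaque request and license blobs between the CDM and the provider; decryption happens inside the CDM.

```javascript
// Added example (not from the article): the EME license exchange.
// `nav`, `video` and `fetchLicense` are injected; in a real page they are
// `navigator`, a <video> element, and a POST to the provider's license server.
const KEY_SYSTEM = 'com.widevine.alpha'; // Widevine's EME key system string

async function acquireLicense(nav, video, initDataType, initData, fetchLicense) {
  // 1. Ask the browser for a CDM that implements the key system.
  const access = await nav.requestMediaKeySystemAccess(KEY_SYSTEM, [{
    initDataTypes: [initDataType],
    videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
  }]);
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys); // bind the CDM to the player element

  // 2. The CDM produces the license request; script never builds it itself.
  const session = mediaKeys.createSession();
  const licensed = new Promise((resolve, reject) => {
    session.addEventListener('message', async (event) => {
      try {
        // 3. Relay the opaque request (an ArrayBuffer) to the provider...
        const license = await fetchLicense(event.message);
        // 4. ...and hand the opaque license back to the CDM.
        await session.update(license);
        resolve(session);
      } catch (err) {
        reject(err);
      }
    });
  });

  // Initialization data comes from the media itself (the 'encrypted' event).
  await session.generateRequest(initDataType, initData);
  return licensed;
}

// Typical wiring in a page (needs a browser, so it is left commented out):
// video.addEventListener('encrypted', (e) =>
//   acquireLicense(navigator, video, e.initDataType, e.initData, postToLicenseServer));
```

Nothing in this flow gives page script the content key or the decrypted frames, which is why the article places the weakness on the path between the CDM and the player rather than in the license exchange.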

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 2,796   +1,534

    That's no flaw! It's simply one of those infamous Microsoft "Undocumented Features" ........ nuff said!
  3. GregonMaui

    GregonMaui TS Rookie Posts: 16

    Not to be technical here, but Chrome is Google, not MS. A more appropriate response would be they steal your data and Netflix at the same time.
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 7,986   +2,876

    What flaw? I see it as a benefit.
  5. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,762   +435

  6. jcp0908

    jcp0908 TS Rookie

    Is there really any interesting stuff exclusive for Netflix? If not then I couldn't care less about this and continue using torrent.
  7. davislane1

    davislane1 Inquisitor Posts: 4,494   +3,490

  8. i7junkie

    i7junkie TS Rookie

    Daredevil and Jessica Jones or ANY Netflix movie or show is available without Netflix, nothing is exclusive.
  9. Camikazi

    Camikazi TS Evangelist Posts: 895   +263

    There is no legal way to watch Netflix produced and exclusive shows without Netflix, yes you can do it but no it will not be legal.
