Google Chrome browser flaw catches video just after it's decrypted, making life easier for video pirates.
According to Life Hacker, one of the weapons copyright holders use in their fighting against content piracy is digital rights management (DRM). Google Chrome uses DRM technology called Widevine for materials from Netflix and other copyright media content that is streamed through its browsers.
DRM technology generally restricts the access and reproduction of the protected content. However, security researchers as well as video pirates have found a way to bypass this.
The Widevine DRM handles key or license exchanges to decrypt content in the Chrome browser and works by communicating with the content protection systems of video streaming companies like Netflix. A vulnerability that allows for content to be recorded as it streams through the desktop version of the browser has been found by security researchers from Ben-Gurion University Cyber Security Research Center (CSRC) in Israel.
The researches have mentioned the security flaw in an interview with Wired. They have said the bug is simple but until Google discloses the bug itself, the researchers refused to share details about it. They have notified Google of the bug last month but a patch for it still hasn't been released yet.
A Google spokesperson stated that the issue is not isolated to Chrome as it could affect any browser derived from an open source project called Chromium. However, taking in consideration the pressure copyright holders have putting on Google to stop pirated content on its YouTube streaming service, it is surprising the company did not patch the security flaw yet. Copyright experts expect that Netflix, Hollywood studios and other streaming services will further complain about this bug.
According to Engadget, Firefox and Opera also use Widevine, so it is likely that they might be affected by the same security bug. However, there is no guarantee that other anti-copying systems are safe, either. Still, if Google wants to maintain the media industry's trust, the company may need to close this security issue as best it can.