CDSA

Chrome DRM Bug Makes it Easy to Download Streaming Video (ARS Technica)

[svg-table-content]

Security researchers have discovered a vulnerability in the Google Chrome browser that could allow users to bypass itscopy protection system and download content from streaming video services like Netflix and Amazon Prime Video. According to Wired, Google was alerted to the problem on May 24, but is yet to issue a patch.

The vulnerability centers around the Widevine digital rights management system—which Google owns and has implemented into Chrome—and specifically how it handles decryption of encrypted media streams. Widevine uses two pieces of tech to protect content: the encrypted media extensions (EME), which handle key exchanges and other high-level functions, and a content decryption module (CDM), which unscrambles encrypted video for playback in the browser.