For years Hollywood has waged a war on piracy, using digital rights management technologies to fight bootleggers who illegally copy movies and distribute them. For just as long, hackers have found ways to bypass these protections. Now two security researchers have found a new way, using a vulnerability in the system Google uses to stream media through its Chrome browser. They say people could exploit the flaw to save illegal copies of movies they stream on Chrome using sites like Netflix or Amazon Prime.
David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany, alerted Google to the problem on May 24th, but Google has yet to issue a patch. The vulnerability exists in the way Google implements the Widevine EME/CDM technology that Chrome uses to stream encrypted video. The researchers created a proof-of-concept executable file that easily exploits the vulnerability, and produced a brief video to demonstrate it in action.