Home

Jun 24, 2016

Chrome Bug Makes It Easy to Download Movies From Netflix and Amazon Prime

authorarticle: Master3395
Chrome.jpg
video: 
youtube: 
sources: 
keywords: 
Category: IT
Posted by: Admin

For the past decade, Hollywood’s battle against online pirates has been mainly been focused on leaked DVD screeners and illegal streaming sites.

For the past decade, Hollywood’s battle against online pirates has been mainly been focused on leaked DVD screeners and illegal streaming sites. Now a pair of security researchers say they’ve discovered a vulnerability in the Google Chrome browser that allows people to save illegal copies of movies from streaming sites like Netflix and Amazon Prime.

The vulnerability, first reported by Wired, takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime.

The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it.

Livshits and Mikityuk privately disclosed the bug to Google on May 24, and surprisingly, the issue still hasn’t been patched yet. The researchers say the bug is relatively simple, and they’re waiting at least 90 days after the disclosure to Google before they reveal details to the public. This is the same amount of time Google’s Project Zero security analyst team gives vendors to fix vulnerabilities they discover.

Wired points out that major issue facing Google as it deals with this exploit is that Chromium, the open-source code that the Chrome browser is based off, would still allow malicious hackers to take advantage of the vulnerability. Even if Google were to patch the bug, other capable developers could theoretically create a new browser using the open-source Chromium code and override (or ignore) the patch. Still, both Livshits and Mikityuk believe Google should patch its official product, the Chrome browser.

Widevine is currently used in more than 2 billion devices worldwide and is the same digital rights management technology used in Firefox and Opera browsers. Safari and Internet Explorer, however, use different DRM technology. Whether Google ever patches the exploit remains to be seen, but if history has taught us anything, it’s unlikely that this will be the last time Hollywood has to fend off digital pirates.

Update 2:35 p.m.: Google has released the following statement:

We appreciate the researchers’ report and we’re examining it closely. Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so.

authorarticle: Master3395
Chrome.jpg
video: 
youtube: 
sources: 
keywords: 

Comments:

comments powered by Disqus

Return

Sponsored Ads:

Discord

Page 1 of 575  >  >>

This is how Microsoft will bring the Xbox to the TV, without the Xbox

Microsoft.webp

Oct 27, 2020 | Category: Microsoft | Comments

xCloud directly in the HDMI port.

read more…

New Windows update setting

Windows.jpg

Oct 26, 2020 | Category: Microsoft | Comments

Looking to install a specific feature release of Windows 10 when you want it? Here's how.

read more…

Microsoft launches its second update rerun, Windows 10 20H2

Windows.jpg

Oct 25, 2020 | Category: Microsoft | Comments

The Windows 10 October 2020 Update is now available, which means enterprise users can begin testing it before embarking on a broader deployment.

read more…

Page 1 of 575  >  >>