Skip to main content

A bug in Chrome makes video stream piracy way too easy

Acer Chromebook 14 CB3-431-C5FM
Bill Roberson/Digital Trends
Although there is some acceptance around the world that once you put something online, someone is probably going to try to pirate it, most media companies and website owners like to add a degree of difficulty — so at least not everyone can do it. Chrome, it seems, is a notable exception, as a bug in the Google-designed browser is making it a piece of cake to rip just about any stream online.

This isn’t something Google meant to happen, of course. It uses a digital rights management (DRM) system called Widevine to protect online streams, but this latest bug just skips right by it. We’d love to tell you how it all works — for the intellectually curious only, of course — but the people who figured it out aren’t telling anyone, for obvious reasons.

They do say, though, that the bug has likely been present since Google implemented Widevine protection within Chrome several years ago. The concern is that the bug could be used to easily rip streams from the likes of Netflix or Amazon video, which could seriously threaten those businesses if the practice became widespread.

Of course they have reached out to Google which is now aware of the issue. While the presumption is that the search giant is fixing up the flaw, the researchers have said they will disclose the bug 90 days after reporting it to Google (according to Wired), so if no action is taken, an incentive exists nonetheless.

It seems unlikely that Google would ignore such a report — especially now it’s been so widely reported — but it may need to do more than just shore up this hole. The issue exists due to the way Chrome’s DRM system works, so it may need to revamp it entirely so decrypted video streams are stored within a secure space, rather than openly as they are now.

Perhaps more worryingly, though: Google isn’t necessarily the only one that may have to update its browser. When pressed for a statement on the matter, Google said that this issue could exist in every browser using Chromium foundations.

What will be interesting to learn is whether Firefox and Opera also have a similar bug present. While not based on the Chromium system, they do both utilize the Google-owned Widevine DRM. Other browsers, like Safari and Internet Explorer, do not.

Editors' Recommendations