A bug in Chrome makes video stream piracy way too easy

Although there is some acceptance around the world that once you put something online, someone is probably going to try to pirate it, most media companies and website owners like to add a degree of difficulty — so at least not everyone can do it. Chrome, it seems, is a notable exception, as a bug in the Google-designed browser is making it a piece of cake to rip just about any stream online.

This isn’t something Google meant to happen, of course. It uses a digital rights management (DRM) system called Widevine to protect online streams, but this latest bug just skips right by it. We’d love to tell you how it all works — for the intellectually curious only, of course — but the people who figured it out aren’t telling anyone, for obvious reasons.

They do say, though, that the bug has likely been present since Google implemented Widevine protection within Chrome several years ago. The concern is that the bug could be used to easily rip streams from the likes of Netflix or Amazon video, which could seriously threaten those businesses if the practice became widespread.

Of course, they have reached out to Google, which is now aware of the issue. While the presumption is that the search giant is fixing the flaw, the researchers have said they will disclose the bug 90 days after reporting it to Google (according to Wired), so even if no action is taken, an incentive to fix it exists nonetheless.

It seems unlikely that Google would ignore such a report — especially now that it’s been so widely reported — but it may need to do more than just shore up this hole. The issue exists due to the way Chrome’s DRM system works, so it may need to revamp it entirely so that decrypted video streams are stored within a secure space, rather than openly as they are now.

Perhaps more worryingly, though: Google isn’t necessarily the only one that may have to update its browser. When pressed for a statement on the matter, Google said that this issue could exist in every browser using Chromium foundations.

What will be interesting to learn is whether Firefox and Opera also have a similar bug present. While not based on the Chromium system, they do both utilize the Google-owned Widevine DRM. Other browsers, like Safari and Internet Explorer, do not.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…