Google is in the process of patching the issue

Jun 24, 2016 23:20 GMT  ·  By

A team of researchers from Israel and Germany have discovered a bug in Google Chrome that allows users to download any movie played through the browser's DRM technology.

For Chrome, Google uses a DRM component called Widevine, which encrypts video content sent from premium services to the users' browsers. Google's Widevine DRM is used to play premium content from services like Netflix, YouTube Red, or Amazon Prime.

Bug allows pirates to tap the Widevine DRM

The researchers claim they identified a bug in Chrome's Widevine implementation that allows them to intercept the video content while in transit from the Widevine module to the browser's video player.

For a short moment, the premium video content is stored in an unprotected area of the computer's memory. The two researchers created an application that extracts this data and then saves it to disk.

The researchers say they reported the issue to Google on May 24, but the company is still evaluating how to patch the bug. David Livshits and Alexandra Mikityuk, the two researchers who discovered the issue, warn that if Google doesn't patch the bug in 90 days, they will release details about the bug to the public, giving movie pirates the ability to easily download any Netflix release with the push of a button.

Bug specific to all Chromium-based browsers

A Google representative has told Wired that the bug is not specific to Chrome, but to the entire Chromium project, meaning other browsers may also be affected, but not Safari, Firefox, IE, or Edge, which use different DRM modules.

The researchers said that forcing the Widevine DRM to run inside a Trusted Execution Environment (TEE) inside the computer's memory would fix the bug.

In related news, rumors surfaced today that Netflix would soon allow its users to download movies to their PCs. While this negates the Chrome bug, other services are still affected.