Security researchers have found a bug in Google Chrome that could make pirating online videos easier through an exploit with the right software.
Ironically, the bug comes from copyright protection systems that are installed on web browsers in order to prevent pirates from copying, downloading and redistributing video streams. The security researchers said that the exploit involves the Widevine digital rights management, which is also present in the Mozilla Firefox and Opera.
There was no step-by-step detail on how the exploit would work. The researchers said that skilled hackers could use or develop software that can capture the video before it streams on Google Chrome's media player itself as the DRM does not check whether it is playing only in the web browser and not being downloaded anywhere else, Engadget has learned.
Alexandra Mikityuk from Telekom Innovation Laboratories and David Livshits from the Ben-Gurion University's Cyber Security Research Center have already disclosed the bug to Google so that the search engine giant can whip up a patch. However, there seems to be no fix in sight for the time being.
The bug could allow pirates to directly download video from popular streaming websites such as Amazon Prime or Netflix, Gizmodo reported. Details on how the actual process works will be given by the researchers 90 days after their disclosure of the issue with Google which was on May 24.
Google said in a statement regarding the issue: " We appreciate the researchers' report and we're examining it closely. Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so."
The Widevine DRM system is also present in over 2 billion devices across the world. It is yet unclear whether the bug applies to all of them but there is a possibility that the Firefox and Opera browsers can also allow pirates to use the exploit. Google has not explicitly announced whether they will be developing a patch or not as it hackers would still be able to use the exploit due to the open-sourced nature of the Chrome browser.