Chrome exploit makes life easier for video pirates

The browser flaw catches video just after it's decrypted.

Thomas Trutschel/Photothek via Getty Images

Media giants insist on copy protection systems in browsers to prevent bootleggers from copying video streams, but these anti-piracy measures aren't foolproof. Security researchers have found a flaw in Chrome (and any Chromium-based browser) that circumvents Google's Widevine digital rights management. As the system doesn't check to make sure that decrypted video is playing only in the browser, it's possible to capture that video right as it's passed to the browser's media player. With the right software, you'd only need to hit play to start copying a Netflix movie.

The investigators aren't saying exactly how the technique works until and unless there's a patch. However, they describe it as relatively simple. It has likely been around ever since Google implemented Widevine in Chrome, they add.

How much Google can do about it is another matter. The company tells Wired that it's looking closely at the exploit, but that Chromium's open source nature means that anyone could "create their own versions" of the software that either use different copy protection or modify how it works. Also, it's not certain that this is a Google-specific problem. Firefox and Opera use Widevine, so it's possible that they might behave the same way. There's no guarantee that other anti-copying systems (like those used by Apple's Safari or Microsoft's Edge) are safe, either. Still, Google may need to close this hole as best it can if it wants to maintain the media industry's trust.