Chrome vulnerabilities allow pirates to bypass DRM on movies

Security researchers have discovered a Chrome vulnerability that potentially allows pirates to illegally make copies of movies, according to a report in Wired. The problem is with the implementation of Widevine DRM, a technology product by a Google owned company that provides content protection for Internet Video Delivery. The problem is with the Widevine Content Decryption Module, also known as a CDM. The CDM uses an authentication token to decrypt video sent over a secure channel, and passes on the information to the video player in the browser. The exploit allows pirates to hijack the movie after the CDM has extracted it, and before it reaches the browser. The security researchers have not given details on the exploit, as they do not want pirates to use the method before Google patches the bug with an update for Chrome. They have put up a video on YouTube though, demonstrating the attack.

There are other browsers that implement the Widevine CDM, including Opera and Firefox. The same method used to bypass the security on Chrome may be possible on Opera and Firefox as well. Apple’s Safari and Microsoft Edge have their own implementations to protect video content. On Chrome, video from services such as Amazon Prime and Netflix can be copied using this method.