A Google vulnerability could allow bad actors to hijack video content from protected videos, according to online newspaper Jewish Business News.
A flaw within the encryption technology of Widevine EME/CDM is said to hold the potential to allow attackers to steal protected content from a number of streaming services. The flaw could allow an attacker to workaround protections and save a decrypted file, which they can then make available to pirated sites.
Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) working with a security researcher from Telekom Innovation Laboratories in Berlin, offered an attack proof-of-concept capable of saving a decrypted version of streamed content protected by Google Widevine DRM that was played on a computer’s disk drive via Google Chrome.
Google’s security team has been notified of the flaw and the researchers, via Google’s Project Zero for responsible disclosure, are aiding in developing a patch.
“We appreciate the researchers’ report and we’re examining it closely,” a Google spokesperson informed SCMagazine.com. “Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so.”