Researchers find Chrome flaw which circumvents Google's Widevine DRM

Security researchers from Ben-Gurion University Cyber Security Research Center (CSRC) have revealed that they have discovered a vulnerability in Google Chrome -- and all Chromium-based browsers -- which can potentially be used to circumvent Google's Widevine digital rights management (DRM).

Revealing that the newly-detected vulnerability in Google Chrome involves a fairly simple mechanism for bypassing the Widevine encryption technology which is used by Google for securing streams, researchers David Livshits and Alexandra Mikityuk said that the flaw seemingly dates back to Google’s implementation of Widevine in Chrome.

With Google having acquired Widevine in 2010, the encryption technology has been in use in Chrome for quite some time now. The technology is essentially used for prevention of piracy of premium YouTube channels; and also for protecting Amazon Prime and Netflix streams.

Revealing that the vulnerability in Google Chrome can be exploited to churn out copies of DRM-protected video streams, the researchers said that the vulnerability was reported to Google in May, but the company has not yet released a patch to fix it.

Meanwhile, as per a Wired report, Google is apparently looking closely at the Chrome exploit, but is probably in no hurry to patch it. A Google spokesperson told Wired in an email: “Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths.”