It has been revealed that two researchers have found a bug in Google Chrome that allows video to be downloaded from sites such as Netflix and Amazon Prime.
Naturally, the details have not been made public but the researcher have given Google 90 days to rectify the problem.
It appears that the problem is connected to Chrome’s implementation of Widevine , a digital management system that communicates video stream.
Basically, when a user wishes to watch something, Widevine sends a license request to decrypt the video and then sends it to a browser for viewing via a stream.
Google Chrome however allows third parties to copy the video stream as it is being sent to the browser to play.
Normally, you would expect a DRM to restrict the flow on data to ensure that it only goes to the browser and cannot be intercepted.
Widevine was bought by Google back in 2010 with the intention of securing streams. It appears that this vulnerability has been in place ever since it was added to Chrome.
Firefox and Opera also rely on the Widevine DRM although the researchers have said that the problem only relates to Chrome. Internet Explorer and Safari both use their own DRM systems.
The researcher, Alexandra Mikityuk and David Livshits are giving Google 90 days before they will publish more details about their findings.
The pair said that a simple patch would stop the problem for now but Google would have to redesign Widevine to ensure that streams cannot be hijacked in future.