Google Chrome has apparently been letting Netflix and Amazon Prime users download and copy encrypted video from their services, at least since the known bug has been brought to their attention on May 24. But there still hasn’t been a patch for this bug, and the amount of illegal downloading and copying is immeasurable at this point.
The Google Chrome vulnerability, as reported by Wired, allows for users of major streaming services like Netflix and Amazon Prime, who use digital rights management to secure their content, to make copies of the encrypted media and possibly sell them to other parties.
The bug in Google Chrome became public when researchers in Israel and Berlin were able to spot it, and they even made an example of the illegal download in a video that was posted to YouTube.
David Livshits (Cyber Security Research Center at Ben-Gurion University in Israel) and Alexandra Mikityuk (Telekom Innovation Laboratories in Berlin, Germany) have both been able to duplicate the instance where the bug in Google Chrome exists, and they have both alerted Google to the problem. But although Google has known about it since at least May 24, they have still yet to offer any patch or solution to the problem.
For users of Netflix and Amazon Prime, the Google Chrome bug would seem to be mostly inconsequential. But for production studios and the streaming companies themselves, the bug could be the source of a much bigger problem down the road, which could lead to increased prices on the backend for users of Netflix and Amazon Prime. In an extreme scenario, it could lead to cases where content from those platforms could be taken down until Google Chrome can send out a patch for the issue.
The problem within the Google Chrome browser is a bit complicated, but it is centered around a digital rights management issue that can leave the content vulnerable. The DRM system, which is Widevine, is owned by Google, but they did not create the technology. The basic issue with the Google Chrome bug is that when it communicates on the front end with the content provider on the backend, such as Netflix or Amazon Prime, they are basically making license requests and sending the matching data back and forth.
— Gizmodo (@Gizmodo) June 24, 2016
Without getting too bogged down with the details, the Google Chrome bug allows the two communicators within the DRM system to stream the content. But in this DRM system, it also allows it users to copy the content while streaming it, which completely defies the whole purpose of having a digital rights management system if it allows for the copying. The services are basically meant for a stream only experience for the user, which is what Netflix and Amazon Prime is mostly made of.
But with most users on Google Chrome, the ability to make the copy is not initially shown. It is when the DRM actually sends the license back and the movie (or TV show) starts to decrypt for the streaming. At this point, the Google Chrome bug makes the content available for copy as well and pirates worldwide can take advantage of it.
— Techworm (@Techworm_in) June 25, 2016
So what does this Google Chrome bug mean for the average consumer? Well, just like with all pirated content, it is illegal by U.S. and international law. But then there are the possible fallout ramifications involved. In the case where Google Chrome is unable to provide a patch for the bug, then content providers could eventually pull their content off of the Google Chrome browser altogether.
If this happens, there will be millions of Netflix and Amazon Prime users that won’t be happy, all across the world.
[Photo Illustration by Alexander Hassenstein/Getty Images]