Chrome Bug Makes It Easy To Download Movies From Netflix and Amazon Prime

A vulnerability found in Chrome by researchers allows people to save copies of movies and TV shows from streaming websites such as Netflix and Amazon Prime. From a Gizmodo report:The vulnerability, first reported by Wired (Editor's note: Wired blocks adblockers), takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime. The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it.Google was notified of the bug last month but is yet to patch it.

In the Case of Prime

[twmcneil]

This should be called a feature. Netflix advertises itself as a streaming service. Amazon Prime claims that you can "own" the movie. Problem is Prime is still just a streaming service. It's false advertising and the reason I don't use Prime for movies. If I "buy" a movie, I expect to be able to d/l to a portable drive so I can watch it when I don't have a data connection. If I subscribe to streaming service, I won't have that expecation.

Re:Illegally?

[NotInHere]

thanks to mpaa and friends, bypassing DRM (even if its for legal purposes!) is illegal. Documenting how to bypass it is illegal too.

In fact, if you tell google about the "vulnerability", you already commit a crime. Therefore, I think its best that google doesn't fix the "vulnerability", because if they fix it, people will find out about the details of the "vulnerability" by reading the git history, and this means google commits a crime itself.