A Google Chrome bug in the DRM that handles encrypted streaming video, such as Netflix streams, is allowing pirates to rip and download decrypted videos.
Originally reported by Wired, the bug came to light after security researchers David Livshits (Cyber Security Research Center at Ben-Gurion University in Israel) and Alexandra Mikityuk (Telekom Innovation Laboratories in Berlin, Germany) discovered the bug, which could have been present for more than five years.
The researchers have already informed Google of the bug, and have uploaded
a proof of concept video online to YouTube, but have withheld key information until Google can come up with a fix.
The bug exists within Google's Widevine DRM module, and the bug is allowing copies of decrpyted videos to be made, instead of only making the video available for streaming.
Boing Boing's Cory Doctorow also
points out an interesting side note, suggesting that by pointing out the security flaw, Germany's Mikityuk could in fact be breaking anti-circumvention laws in his country, possibly facing criminal and civil liability. Doctorow contends that this could be the reason why this and other similar bugs are often not reported, for fear of liabilities resulting from anti-circumvention laws around the world.
It's unknown if the exploit has been used in the wild by pirates to rip Netflix streams in the past.