Security experts believe the risks will still be there even if Google issues a patch as hackers will still be able to use the open source Chrome codes to create a new browser.
Security researchers have hit upon a flaw in the Google Chrome browser that could be exploited to create pirated copies of online videos bypassing the DRM backed protection that applies to such media.
The vulnerability owes its existence to the way Google goes about implementing the Widevine EME/CDM technology on its Chrome browser for streaming of encrypted media. The security risk that has first been discovered by David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany claims they have already brought the lapse to the notice of Google.
That has been on May 24th with the researchers further stating they would wait for 90 days before making the bug public. That is also the time frame Google allows its Project Zero security team to plug such bugs.
Google, on its part has acknowledged receiving the security risk information and have stated they are examining those in details. It is only after they are done with this that a suitable fix will be issued. Interestingly, Google also owns the Widevine digital management system.
Wired, that first reported the issue however claimed the bug might still pose a threat even after Google issues a patch. That’s because Chrome being open source, any efficient hacker will still be able to use those codes to effectively create a new browser ignoring any security patch that Google applies to its official Chrome browser. As such, those hackers will still be able to create illegal copies of movies downloaded from streaming sites such as Netflix and Amazon Prime.
Firefox and Opera browsers too rely on the same Widevine digital rights management technology as on Chrome and are in use on more than 2 billion devices world over. Safari and Internet Explorer, on the other hand rely on a different DRM technology.