Chrome bug can allow users to download Netflix videos.

Chrome bug can let users watch Netflix movies for free

Want to watch Netflix for free? Now you can! (If you’re savvy.)

Security researchers have just discovered a major vulnerability in the Chrome browser that allows users to download streaming content from major distributors like Netflix and Amazon Prime. These services have thousands of movies and shows available for streaming at a price, however, this Chrome security bug allows Chrome users to get around its copy protection system and get this content right away.

The researchers stated: “The simplicity of stealing protected content with our approach poses a serious risk for Hollywood which rely on such technology to protect their assets.”

This is a new bug that was just discovered last month. Google is well alerted of the issue, but has not issued or announced any sort of bug patch.

So is Google allowing this free Netflix hack?

Chrome DRM bug can allow users with software to download movies from Netflix and Amazon-like video services.
This DRM Chrome bug can allow users with software to download movies from Netflix and Amazon-like video services.

The bug is based on the Widevine digital rights management system (DRM) which is owned and operated by Google. It’s built into Chrome and it’s basically an engine that processes protected media streams, such as those of Netflix and Amazon Video. This engine uses two pieces of data to enforce protection- an encrypted media extension which handles security key exchanges, and a content decryption module, which unscrambles these protected videos so they can be watched in the Chrome browser.

The security researches found out that users can obtain access to the unprotected movie file before it’s played in the Chrome browser with software. Users can download these movies and keep them without paying for Netflix or Amazon services.

What’s Google going to do about it?

The caveat is that the security researchers have not disclosed how to access this vulnerability, and can’t do so until three months after Google is alerted. Google allows a minimum so that their own in-house security researchers can give these third-party vendors to fix bugs Google finds before the bugs are mentioned to the public. This isn’t to let everyone know that you can hack Netflix, but rather let Chrome users know there’s a bug going around for information. Not a step-by-step guide on getting Netflix movies for free.

The only thing available to the public besides news like this article is this video, released by the research team:

A Google spokesperson stated that the company is examining the issue, but didn’t announce any patches to fix it. Apparently the bug isn’t only on the Chrome browser, but rather any browser built on the Chrome source code (Chromium).

“Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CRM or included midfield CDM rendering paths” stated the spokesperson.

Google Chrome and piracy

Google can fix the issue, but it would be difficult (but also possible) for Netflix and Amazon to go their own code and try to block these bugs. However, even if Google patches it, a skilled developer can simply release a previous version of Chrome without the patch and distribute it.

Firefox and Opera also use the Widevine DRM, but they haven’t been tested for the bug.

About Andy Z.

Andy is a casual-hardcore Chrome OS fan and contributes to the site regularly. He likes computers, tech, sports cars, videogames, and of course, Chromebooks. Thinker. Introvert. Geek. You can find him on Twitter (@platytech), or send him an email (platy@platypusplatypus.com).

Leave a comment

Be the first to make history...

Notify me when:
avatar
wpDiscuz