A group of security researchers has discovered a new severe vulnerability in Google Chrome browser that can download movies directly from the services like Netflix and Amazon Prime Video.

A Bug In Google Chrome Lets You Download Videos From Netflix

After the ordeal of rights holders for many years on the Internet, the piracy of movies, music and series have greatly declined over recent years, and thanks to the emergence of new legal offers.

The security researchers David Livshits of Ben-Gurion University (Israel) and the Alexandra Mikityuk from Telekom Innovation Laboratories in Berlin (Germany), have discovered a new flaw in the Google Chrome browser that could allow users to save illegal copies of movies viewed on the services like Netflix and Amazon Prime Video.

As the vulnerability affects Widevine more precisely, a DRM (digital rights management or digital rights manager) supposed to protect the videos shown in a browser. This technology verifies that a user is entitled to view content. In such cases, the security flaw gives the user a license key to decrypt it.

On a PC with Windows 7 and the 50 version of Google Chrome, David Livshits and the Alexandra Mikityuk has shown a video of the site “demo.castlabs.com” which intercepted during the playback. Hence, this video is then saved on the hard disk in two versions, one compressed and one uncompressed, and to read it, just open the file in a media player.

According to the reports, EME is responsible for the key exchange or license between the protection systems of content providers and browser HOM module. When users select a movie to watch, CDM request a license from the supplier via the EMS interface. When it receive the license, the CDM is able to decrypt the video and send it to the web player to stream the decrypted content.

The media site “Wired” said that “The simplicity of stealing content protected with this approach poses a serious risk to the Hollywood studios that rely on these technologies to protect their works”.

Both the experts warned that  Google on May 24, but the search giant Google has yet to patch the security bug. Hence, they will wait at least 90 days before revealing to the public how the flaw actually works, since they are against movie piracy. According to them, the good news is that this should be easily fixed via a software update, but that does not really solve the underlying problem.