Spotify Web Player Compromised By Chrome Extension


A security vulnerability has caused Spotify’s web player to be compromised by a Chrome extension called Downloadify.

The exploited vulnerability allows users to download permanent copies of songs from the streaming music service, reports Electronista. Most content on Spotify is DRM-protected, but the Chrome extension Downloadify exploits MP3 files that are free of DRM.

The Chrome extension, originally discovered by Tweakers, downloads an MP3 of the selected track while it’s streaming, taking advantage of Spotify’s HTML5-based API. Downloadify’s author reportedly commented that the hack didn’t require much in terms of JavaScript coding to accomplish an MP3 download, and that Spotify could supply a corrupted MP3 file, allowing the client to fix the errors while playing it.

Google and Spotify were quick to intervene, removing Downloadify from Chrome’s Web Store, but you can still get the code on GitHub. Despite this, Robin Aldenhoven, Downloadify’s creator, told The Verge that the extension doesn’t work anymore in light of Spotify’s tighter security protocols, and that the extension wouldn’t be updated to circumvent the new settings.

Do you use Spotify? Did you take advantage of Downloadify while it was active?

Dusten Carlson
Dusten has written for web and print and currently spends his time working on his upcoming graphic novel. He is also almost 30 and still has all of his hair.

