Watch Netflix in a Browser? Update Silverlight

Microsoft Silverlight is one of those technologies that probably should have gone much further than it did. Initially conceived as a kind of all-purpose replacement for Adobe Flash Player, the online media protocol is now mostly just a way to run Netflix and Amazon Video on PCs and Macs.

Like Flash, though, Silverlight makes Web browsers vulnerable to some potentially nasty attacks, and if you haven't kept it updated, you could fall victim to a pernicious exploit that's now making the rounds online.

A French security blogger who goes by the name of Kafeine this week shared information about the Silverlight vulnerability on his security blog, Malware Don't Need Coffee. His explanation of the issue was simple and straightforward: Microsoft patched a major Silverlight vulnerability this month, but in so doing, it gave hackers the opportunity to reverse-engineer the previously undisclosed flaw and add it to the widely distributed Angler browser exploit kit.

MORE: Best Antivirus Software and Apps

The Silverlight vulnerability itself, which was given the ID CVE-2016-0034 (rolls right off the tongue, doesn't it?) can affect both Windows PCs and Macs. By convincing a user to visit a website infected with the Angler exploit kit, a hacker could use the Silverlight vulnerability to compromise the user's Web browser and infect the user's computer. Provided that user has administrative rights on his or her computer (it's much safer to browse the Web as a limited user), this attack could be really anything: file theft, unauthorized program installation, keylogging or any other common cybercriminal technique.

This is not the first time that Silverlight has come under attack via the CVE-2016-0034 exploit. Ars Technica points out that the vulnerability has been exploited in the wild for at least two years -- but only in spyware made and marketed by Hacking Team, an Italian company that buys zero-day exploits from independent hackers and incorporates them into its products. 

Last summer, someone hacked into Hacking Team's servers and dumped the company's email correspondence online, revealing the existence of many previously unknown security flaws, including at least one that affected Silverlight. It took some time for Microsoft and Moscow-based security firm Kaspersky Lab to fully research the disclosed Silverlight flaw and devise countermeasures.

The fix, at least, is simple: Keep Microsoft Silverlight up to date. If you run Windows Update or Apple Update frequently, you are already protected. Microsoft has also provided instructions to update Silverlight manually.

If you want to go one step further, you could just ditch Silverlight entirely. While the protocol is useful for watching Netflix and Amazon Video on most browsers, Google Chrome does not require Silverlight to run either one of the popular video streaming services. Unless you're a developer, there's likely nothing else for which you use Silverlight on a regular basis.

If you've already been infected, there's still no need to panic. The Angler exploit kit can install some nasty malware, but nothing that a good antivirus program can't handle. Run a scan, change your passwords and consider switching to Chrome.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

  • xray686166233
    I deleted MS Silverlight altogether I use Netflix HTML5 on the PC's .In any event Google Chrome does not support 1080p Netflix at all ,it's limited to 720p like FireFox no matter if you use HTML5 or Silverlight which I'm not even sure Netflix is recommending anymore anyway .

    *** If you want 1080p Netflix in a Windows PC browser it's only in IE 11 in Windows 8.1 x64 and Windows 10 x64 or Microsoft Edge in Windows 10 x64 or the Windows 10 x64 Netflix runtime app encodes and Safari up to 1080p on Mac OS X 10.10.3 or later

    HTLM 5 Supported Browsers:Google Chrome version 37 or later on Windows XP Service Pack 2 or later and Mac OS X 10.6 or later (Snow Leopard)
    Internet Explorer 11 or later on Windows 8.1 or later
    Microsoft Edge on Windows 10
    Mozilla Firefox version 42 or later on Windows Vista or later
    Supported on stable, official release builds from Mozilla. Non-Mozilla builds are not supported.
    Opera version 33 or later on Windows Vista Service Pack 2 or later and Mac OS X 10.9 or later
    Safari on Mac OS X 10.10 or later (Yosemite)
    Supported on all 2012 or later models and select 2011 models

    Resolution: Stream in HD if your Internet connection supports 5 megabits per second or more.

    Google Chrome up to 720p
    Internet Explorer up to 1080p
    Microsoft Edge up to 1080p
    Mozilla Firefox up to 720p
    Opera up to 720p
    Safari up to 1080p on Mac OS X 10.10.3 or later

    Sent from Windows 10 Pro Insider Preview Evaluation Copy . Build 14267 rs1-160218-2310