
There was a bug in Widevine last year which enabled downloading Encrypted Media Extension Content.

They stated that they would give full details after 90 days. Was this meant for public disclosure or full details only to a set of parties?

The problem is that if the bug is publicly disclosed, I don't see how using an old version of Widevine for viewing videos wouldn't allow bypassing the fix.

Jeroen
user2284570

1 Answer

From reading the linked article, the way they phrase the sentence regarding the disclosure suggests that they're talking about full public disclosure; however, after a few searches I couldn't find any such thing: no paper, nothing.

The article states the following. Personally, the way I read it is that after 90 days they will release a full public disclosure.

"The researchers say the bug is very simple but won't reveal details about it until at least 90 days after their disclosure to Google, since they don't want to provide anyone who doesn't already know about the vulnerability with information that would allow them to steal movies." - Wired, 26/06, "Bug in Chrome makes it easy to pirate movie"

It then goes on to say:

"Ninety days is the minimum that Google's own security researchers in its Project Zero project give vendors to fix vulnerabilities they uncover before they disclose the bugs publicly." - Wired, 26/06, "Bug in Chrome makes it easy to pirate movie"

This furthers my impression that they meant public disclosure. However, as I stated, other than a few blog posts from someone not linked to or affiliated with David Livshits, a whole bunch of news articles, and a bug note from Google, I do not see any "public disclosure" here.

It's very likely this comes down to phrasing or poor research on the journalist's part. The problem with the article you're using as a reference is that it was written by a journalist, one who might not even specialise in InfoSec or anything related to this field; you have to take articles like this with a pinch of salt, i.e. don't trust their word on everything. (Perhaps research the journalist a little and see whether they're credible, etc.)

From my point of view, as I couldn't even find a paper, I would put this down to the journalist simply not knowing, and thus basing the "after 90 days" off the second quote I referenced from the article.

I would not bother trying to get a response from Wired; they probably will not answer, and even if they do, I doubt they will actually know the answer you're looking for. If they did, they would most likely have mentioned the paper in their article. Your best chance of finding out whether a public disclosure will ever be released, or whether it has already been released, is to contact one of the researchers involved in the project; they will know better than anybody else about their intentions for public disclosure (if any), for obvious reasons. If it helps, the research was based out of Ben-Gurion University of the Negev in Israel, so a good start would be to see if you can find a contact there.