A new Chrome extension lets Spotify users permanently download any song currently available from the streaming music service, a massive slip-up that could quickly upset record labels and music publishers. As noted by Dutch website Tweakers, the Downloadify tool appears to take advantage of nonexistent encryption in Spotify's web player, which the company launched in beta back in November. By simply installing the extension — freely available in the Chrome Web Store — and starting to play a song, users will download a full, DRM-free MP3 file of the track.

Spotify allows its premium users to "store" music files locally so long as they keep their monthly subscription active, in turn providing royalties to artists and industry groups. But thanks to this non-sanctioned "tool," any customer can ransack Spotify's 20 million-plus song catalog. The Verge recommends against our readers using Downloadify; its very purpose should be enough to have you questioning its legality. We've reached out to Spotify and Google for more information.

Update: Downloadify has been removed from Chrome's Web Store, but is still available via a repository at GitHub. A Google spokesperson wouldn't discuss Downloadify specifically, but says the company removes apps "that do not comply with our terms of service." Spotify says it's aware of the issue with its web player and is "currently working on a fix."

Update 2: Spotify has now patched its web player to prevent Downloadify use.