I don't know the technical details, but Widevine claims to have a system for watermarking content, which may allow them to trace the origin of ripped content back to the set of keys which decrypted it so they can be revoked.
There are no exploits for Widevine. The system operates by requiring a key, which is obtained from the unsecure hardware enclaves of some of the thousands of devices whitelisted by Widevine. When you access and publicly share 4K content, the keys for that specific device are blacklisted, necessitating the purchase of a new device to extract a new key.