News

Ubisoft’s “Uplay” DRM installs a web browser plug-in that can be exploited by websites [UPDATE]

3 Comments

And here we go. Ubisoft’s Uplay has never been welcomed by PC gamers, as Ubisoft has been using it to force some atrocious always-online tactics in their latest games. Fast forward a couple of months and here is another reason for hating it, as Ubisoft’s DRM installs a web browser plug-in that can be exploited by other websites.
According to a report, Ubisoft’s Uplay installs a backdoor that allows any website to take over your computer. This exploit might enable root access and remote code execution in the future, in various shapes and sizes, so yeah… this is a big issue for Ubisoft.
Fear not though, as you can easily disable this web browser plug-in. Google chrome users can go to “about:plugins” and disable this and all other things that might expose them to extra security risks such as “Microsoft Office” (even “Native Client”) or any other plugins that exposed in there by 3rd party without any confirmation.
The same applies to IE and FireFox users. Head over to your plug-ins section and disable Uplay.
Let’s hope that Ubisoft will react quickly on this matter. And let’s hope that they won’t blame this for Assassin’s Creed 3’s future delay (the game is currently slated for a simultaneously release on consoles and PC, but we all know Ubisoft, right?).
UPDATE:
Ubisoft was quick to react and released a new patch for UPLAY. According to the release notes, the web browser plugin can only be used/opened by the UPLAY application. According to Ubisoft’s official statement, the company takes security issues very seriously, and they will continue to monitor all reports of vulnerabilities within their software and take swift action to resolve such issues. Sounds good, right? But what happens if a trojan or a virus is disguised as a UPLAY application? But then again, the same can be said for Steam or other programs… or not?