Ubisoft Browser Plugin Patched to Fix Security Vulnerability

U left the back door open

It seems the last version of Ubisoft’s browser plugin, which came as part of their UPlay client, had a serious vulnerability that could allow some malicious websites to take control of computers.

Recommended Videos

Programmer Tavis Ormandy, who alerted the world using SecLists.Org’s “full disclosure” mailing list, identified the issue. The back door has potentially been left open to anyone with Assassin’s Creed 2 to through to Revelations, HAWX 2, Splinter Cell: Conviction and Ghost Recon: Future Soldier amongst others (see full list below).

“While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites,” Ormandy explained.

“I don’t know if it’s by design, but I thought I’d mention it here in case someone else wants to look into it (I’m not really interested in video game security, I air-gap the machine I use to play games).”

In order to demonstrate he wasn’t simply trolling Ubisoft, Ormandy created a proof of concept. The demonstrative website will boot up Calculator on PCs with UPlay installed after users make a visit.

Ubisoft has been pretty quick to release an update to UPlay that only lets the browser plugin launch the UPlay application.

There’s a pretty large amount of damaging stuff a hacker could do to your computer while in control of it so if you’ve got UPlay on your system we recommend opening it up and letting it update as soon as possible.

Here’s the full list of games powered by UPlay:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved


Prima Games is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article Steam’s Family Sharing Feature Just Got Even Better
Steam Family Featured
Read Article The Pokemon Company Just Revealed the Most Adorable Pokemon Cards Yet
Image of Hisuian Growlithe Pokemon Card.
Read Article This Final Fantasy 7 Abomination is the Creepiest Dragon’s Dogma 2 Character Creation
Screenshot of Cloud in Final Fantasy 7.
Related Content
Read Article Steam’s Family Sharing Feature Just Got Even Better
Steam Family Featured
Read Article The Pokemon Company Just Revealed the Most Adorable Pokemon Cards Yet
Image of Hisuian Growlithe Pokemon Card.
Read Article This Final Fantasy 7 Abomination is the Creepiest Dragon’s Dogma 2 Character Creation
Screenshot of Cloud in Final Fantasy 7.
Author
Prima Games Staff
The staff at Prima Games.