On the net, players are reporting that HTML code can easily be executed in New World’s chat. Amazon has now reacted.
The Amazon MMO New World is not getting any rest. Since release, one problem follows the next, players have to endure a lot from bugs to server problems to serious exploits. The latest vulnerability belongs to the latter category, which even raises really dangerous implications regarding client security.
Players in the official forum as well as well-known YouTubers report about an exploit that is supposed to make it possible to post HTML language in the game’s chat. This sometimes manifests itself relatively harmlessly through images in the chat window, but also leads to game-destroying events – when the game suddenly crashes as a result. At the same time, some players suspect that there is much more wrong with New World’s netcode.
What is the current status? According to Amazon, the exploit has been fixed by now. Nevertheless, we want to inform you here so that you are aware of the problem.
Update as of 10/31/2021: Based on user feedback, we have revised the message to no longer incorrectly refer to the HTML language as “code”. We also point out that the reasons for the crashes were probably a simple incompatibility, not a drastic security hole as first suspected.
What’s going on?
YouTuber Josh Strife Hayes, among others, reports that New World can crash, sometimes just by hovering the mouse over certain chat messages. This is probably due to the fact that the game client is not 100% XHTML standard compliant and is not an indication that game spoilers are injecting malicious code into the game – because this would require the simultaneous execution of Java Script or a similar programming language. In the video, Josh Strife Hayes elaborates on his thoughts on the HTML crashes and other new problems with New World:
The mood of the community in the forum and on (Reddit) ranges from amused to angry to sheer bewilderment. Among other things, critics accuse the developers of having published a broken game. For some, the circumstances bring back bad memories of WoW. According to the cyber security company G Data, there was also danger in the well-known MMO in 2016 – and also due to technical vulnerabilities.
What is Amazon doing?
In an official statement on the New World forum, a community manager from Amazon Game Studios first explained that the problem was known. Appropriate steps had been taken to prevent the execution of code in the chat in the future.
A few hours later, another statement followed – a corresponding patch was now live. According to this, the problem is now fixed. The developers obviously reacted very quickly here. The next few hours and days will show whether the exploit has been successfully removed. Either way, a bitter aftertaste remains.