New World’s launch has been plagued by a bunch of weird, sometimes catastrophic bugs, but this latest is one of the strangest I’ve ever seen: it let you kick other players out of the game just by sending them certain messages.
As players started discovering over the weekend, if you inserted HTML code into a chat, the game would read it as code. So one of the first things people worked out could be done was to insert images into that chat, spamming players with random pictures that could, if big enough, fill a huge section of the left side of the screen.
That, as annoying as it is, is largely harmless. More damaging to players’ ability to enjoy the game is that some folks also worked out if you sent a message containing certain custom code related to an item, the receiver’s PC would look for that code locally, not be able to find it, start looping around looking for it all over again, then crash their game.
Which sounds absolutely bonkers, but it’s true. This video below, by Callum Upton, tests the bug, showing us both how the image spamming can work, as well as explaining the text-kicking loophole.
If you stuck around past the kicking explanation, you’ll also have seen that the same chat box exploit could be employed to spawn gold out of nothing, by tricking the game into thinking you’d just got an item that was required to complete a quest, giving you 50 gold each time.
I am not a programmer, and my HTML experience runs about as far as being able to put italics in a headline on this website, but even I know this is very bad! Amazon have refuted claims that the game is “client authoritative” after an unkillable bug was also found recently, but it’s still incredible that players were given enough power to kick other players from the game just by sending them chat messages.
Anyway, the bug/exploit has since been fixed, with Amazon posting on the game’s forums:
Greetings advenuteres [sic],
Earlier today, we discovered an issue where players were able to post images and other links in the chat that resulted in unsavory behaviour.
We have enabled a fix that should resolve this issue and prevent players from abusing and exploiting this feature. This should already be enabled in each region.
Thank you for your patience while we investigated and resolved this issue. See you in Aeternum!