Ubisoft has caught a lot of flak from PC gamers over their uPlay system, online-authentication DRM that most recently came to attention for being unavailable at exactly the wrong time.
As it now turns out, uPlay is not only inconvenient to gamers, but it also comes with an insecure, exploitable browser plugin. Rock Paper Shotgun reports that the browser extension has a big fat hole in it that allows remote users to access and exploit a system. Malicious users can then install programs, or open, access, and delete files already on the PC.
Happily, as the exploit is in a browser extension, it's pretty simple for most PC gamers to disable on their own:
Firefox: Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
Chrome: Visit about:plugins and disable
Opera: Settings – Preferences – Advanced – Downloads – Search "Uplay", delete
And for those using Internet Explorer, Microsoft has detailed instructions on how to disable browser add-ons.
Players who have ever installed an Ubisoft game on their PC may want to double-check their browsers to look for and disable the uPlay extensions until a fix is announced.
Update: Ubisoft has released a patch. They recommend all users either update their uPlay client without a browser open, or download the new, patch-included version of the client from uplay.com.
Warning: Big Security Risk In Some Ubisoft PC Games [Rock, Paper, Shotgun]
DISCUSSION