I think we can all agree that general chat in MMOs is usually not super great. Now imagine if those spam-slinging all-caps jerkholes could also force everyone to download computer viruses via that chat window.
Yesterday, a member of the subreddit for the long-running action-MMO Tera posted about a potentially ruinous vulnerability in the game’s chat system. The poster, Gosukek, along with other players on Discord, claimed that Tera‘s chat interface uses HTML, meaning that if unscrupulous types got creative, they could theoretically do everything from forcing everyone to look at nauseating imagery, to collecting everybody’s IP address, to remotely executing malware and viruses on people’s computers. This issue has seemingly been present for years.
In response, Tera publisher En Masse quickly announced that the game’s chat services would be taken offline. It added, however, that it seems as though nobody’s taken advantage of the vulnerability so far.
“There are very serious claims floating around of what this vulnerability potentially allows malicious users to do,” En Masse wrote in a forum post. “We are taking these claims very seriously but, as of this time, we have no evidence that the vulnerability is being exploited in these ways or that any player information has been compromised.”
As of writing, all chat except guild chat has been disabled while the game’s developers work on a fix. There is currently no ETA for when it will be re-enabled. Given that MMOs are kinda all about communicating with other players, probably go ahead and wait before jumping into this one – if, you know, you were suddenly planning to after five years.