New World Bug Let You Kick Other Players Just By Chatting With Them

New World Bug Let You Kick Other Players Just By Chatting With Them
Screenshot: YouTube

New World’s launch has been plagued by a bunch of weird, sometimes catastrophic bugs, but this latest is one of the strangest I’ve ever seen: it let you kick other players out of the game just by sending them certain messages.

As players started discovering over the weekend, if you inserted HTML code into a chat, the game would read it as code. So one of the first things people worked out was possible was to start inserting images into that chat, spamming players with random pictures that could, if big enough, fill a huge section of the left of the screen.

That, as annoying as it is, is also largely harmless. More damaging to player’s ability to enjoy the game is the fact some folks also worked out that if you sent a message containing certain custom code related to an item, the receiver’s PC would look for that code locally, not be able to find it, start looping around looking for it all over again then crash their game.

Which sounds absolutely bonkers, but it’s true. This video by Callum Upton below tests the bug out, showing us both how the image spamming can work, as well as explaining the text-kicking loophole.

If you stuck around past the kicking explanation you’ll also have seen that the same chat box exploit could be employed to spawn gold out of nothing, by tricking the game into thinking you’d just got an item that was required to complete a quest, giving you 50 gold each time.

I am not a programmer, and my HTML experience runs about as far as being able to put italics in a headline on this website, but even I know this is very bad! Amazon have refuted claims that the game is “client authoritative” after an unkillable bug was also found recently, but it’s still incredible that players were given enough power to kick other players from the game just by sending them chat messages.

Anyway, the bug/exploit has since been fixed, with Amazon posting on the game’s forums:

Greetings advenuteres,

Earlier today, we discovered an issue where players were able to post images and other links in the chat that resulted in unsavoury behaviour.

We have enabled a fix that should resolve this issue and prevent players from abusing and exploiting this feature. This should already be enabled in each region.

Thank you for your patience while we investigated and resolved this issue. See you in Aeternum!

Comments

  • How they allowed HTML code execution is beyond me. One of the most basic things is to not allow users to execute code.

Log in to comment on this story!