CS2 XSS Features a Potential Security Flaw

| Tags: | Author
CS2 XSS Features a Potential Security Flaw

A big CS2 XSS vulnerability was spotted in Valve's FPS sequel


EDIT: Valve has already pushed out a fix for exploits involving UI code injection. Read all about it here.

Probably best to wait for the next patch before entering a lobby.

CS2 is one of the hottest releases of the year so far. Created by Valve, the sequel to the classic FPS improved on a lot of things that CS:GO seemingly perfected. But no game is without its flaws, and Counter-Strike 2 seems to have a big one.

Just recently, word spread about a CS2 major bug involving Cross-site Scripting or XSS. Numerous videos on YouTube confirmed the steps needed to reproduce the security flaw, and its a tad bit concerning.

CS2 XSS Bug

We won't reveal the CS2 XSS bug process here (it's a few clicks away on Google, which is frightening), but it exploits the characters a Steam username can have to inject code into another computer across a CS2 match. The information they can get from you includes your router's IP address and your “general” geolocation. Some cases have had scripters perform DDoS attacks on other players' systems.

MORE FROM ESTNN
CCT Shared More Information About the $500,000 CCT Global Finals

Now exploits like the CS2 XSS Bug aren't new. We've seen them across games over the years, causing DDoS attacks and whatnot. But it's fairly surprising to see such a flaw — one that should've been hammered out in early development — fly over Valve's head.

CS2 Crashing Mid Game Issue
via Reddit

Ex-Blizzard developer “Thor” also commented on his stream about the recently discovered CS2 XSS Bug exploit, detailing what a cross site scripting attack does and how it can steal information about someone else's IP address.

Protecting your information from malicious scripters is top priority, so we'd suggest taking a few days off from the game until we see Valve address the CS2 XSS Bug, which should be soon.


For the latest esports news, follow us on ESTNN.

CS2 XSS Features a Potential Security Flaw
Paul Goño
Paul started writing for ESTNN in 2022, the same year he beat his first Souls game. An avid fan of RPGs, his all-time favorites include Baldur's Gate 3, Assassin’s Creed and Kingdom Hearts 2. Besides being a professional nerd, he still struggles to get over the broken PS2 memory card that stored years of his save files.