Hours after reports of Counter-Strike 2 harboring a security gap hidden in the shell of an innocent-looking bug surfaced, Valve reportedly deployed a silent patch to mitigate it and another exploit that branched out of it. Interestingly, the fix came at the cost of a valuable Workshop feature.
On Dec. 10, concerns regarding a potentially major security exploit in CS2 surfaced after attackers reportedly used unauthorized images in an attempt to “execute malicious code” during a creator’s live stream. Later, players spotted another branching exploit that enabled hackers to take control of a victim’s in-game menu elements, including their inventory, through malicious workshop maps with full panorama access.
According to the latest reports, Valve quietly fixed both these exploits with unannounced patches, but as some players pointed out, it didn’t quite fix the second exploit so much as disable it.
Popular CS2 creator Gabe Follower also explained that while fixing the exploits, the devs “disabled any custom panorama elements/scripts packed in maps.” “For example, previously, it was possible to make a cinema game mode with an external video player, but now it’s restricted,” he shared. While this may affect players who love creating Workshop maps with such features, others can continue playing CS2 without any concerns.
On Dec. 10, a clip showing how players can use a GIF or image in their Steam nickname to display the same in CS2’s kick voting menu went viral, but as fun as that sounds, it wasn’t long before players were informed that attackers could use the bug to snatch personal information, leading to a huge stir-up in the community.
While a section of the community aware of the intricacies of cyber security urged players to stop playing CS2 until Valve fixes it, a bunch of players were convinced that it wasn’t as bad as claimed. Of course, it led to a debate, confusing players who just wanted to know whether CS2 is safe or not.
For those of you wondering, as of now, CS2 should be safe to play—just short of a few Workshop features, but safe.
