Valve waited 15 months to patch high-severity flaw. A hacker pounced

Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular Dota 2 video game for 15 months after a fix had become available.

The vulnerability, tracked as CVE-2021-38003, resided in the open source JavaScript engine from Google known as V8, which is incorporated into Dota 2. Although Google patched the vulnerability in October 2021, Dota 2 developer Valve didn't update its software to use the patched V8 engine until last month, after researchers privately alerted the company that the critical vulnerability was being targeted.

Unclear intentions

A hacker took advantage of the delay by publishing a custom game mode last March that exploited the vulnerability, researchers from security firm Avast said. That same month, the same hacker published three more game modes that very likely also exploited the vulnerability. Besides patching the vulnerability last month, Valve also removed all four modes.
