The revelation yesterday that there was a major security problem with Uplay's browser plug-in has forced the publisher into action. In fact, the issue was solved yesterday and there is now a patch that plugs the security hole.
"Hi everyone,
We have released a new patch for Uplay PC, which will update your client to version 2.0.4. This patch corrects a flaw in the browser plug-in that was brought to our attention earlier today. We recommend that you update your Uplay PC following the instructions below. We're sorry for the inconvenience this has caused.
The situation:
The browser plug-in that we used to launch the application through uplay.com was able to take command line arguments that developers used to launch their games while they're being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.
Corrective measures:
The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plug-in so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
Patching:
To update your Uplay client and apply the patch:
1. Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.). If the web browser is open during the patch it will need to be restarted once the Uplay client ah.
2. Launch the Uplay PC client. The Uplay PC client update will start automatically."
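The flaw and the fix described in the statement can be sketched as follows. This is an added example, not Ubisoft's code: the install path, the `exe`, `args` and `game_id` request fields and the `--game-id` switch are all hypothetical. It only builds the argument list a plug-in would hand to the OS, so it starts nothing.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical fixed install location; the page does not give the real one.
CLIENT_EXE = PureWindowsPath(r"C:\Program Files\ExampleLauncher\client.exe")
# Assumption: games are referred to by a short numeric id.
GAME_ID = re.compile(r"[0-9]{1,6}")


def build_argv_unsafe(request: dict) -> list[str]:
    """Pre-patch pattern: a value supplied by the web page chooses the
    executable, so the page decides which program starts."""
    return [request["exe"], *request.get("args", [])]


def build_argv_hardened(request: dict) -> list[str]:
    """Post-patch pattern: the executable is a constant inside the plug-in.
    The page can at most pass a validated game id to the client."""
    unexpected = set(request) - {"game_id"}
    if unexpected:
        # Reject rather than ignore, so attempts show up in logs.
        raise ValueError(f"unsupported fields: {sorted(unexpected)}")
    game_id = request.get("game_id")
    if game_id is None:
        return [str(CLIENT_EXE)]
    if not isinstance(game_id, str) or not GAME_ID.fullmatch(game_id):
        raise ValueError("game_id must be 1-6 digits")
    return [str(CLIENT_EXE), "--game-id", game_id]


if __name__ == "__main__":
    # Constructed sample requests.
    print(build_argv_unsafe({"exe": "notepad.exe"}))
    print(build_argv_hardened({"game_id": "42"}))
    try:
        build_argv_hardened({"exe": "notepad.exe"})
    except ValueError as err:
        print("rejected:", err)
```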